Information Security Risk Manager
| Position: | Information Security Risk Manager |
|---|---|
| Reports To: | VP, Deputy Chief Information Security Officer |
| Location: | Dallas, TX or Winston-Salem, NC |
The Information Security (IS) group is looking for an Information Security Risk Manager as a direct report to the VP, Deputy Chief Information Security Officer. In this role, the candidate will be responsible for managing Information Security risks across the organization. The individual will perform risk assessments and enhance the continuous information security risk monitoring program.
We are seeking strong, individually motivated candidates with a proven track record of understanding security controls and working across an organization to implement and validate controls.
- Bachelor's degree in engineering, computer science, or a related field with a minimum of 8 years of experience
- 5 years of engineering or software development experience, or technical leadership of technology projects
- 5 years' experience with the processes, tools, techniques and practices for assuring adherence to standards associated with accessing, altering and protecting sensitive data
- Knowledge of red teaming processes to validate the effectiveness of mitigating controls
- Experience conducting risk assessments or running compliance programs and the presentation of acceptable evidence
- Extremely strong analytical and problem-solving skills
- Ability to work with all levels within the organization
- Relevant industry certification, such as CISSP, CISA, CISM, CRISC, etc., is desired
Essential Functions and Responsibilities:
- Manage the execution and coordination of the Information Security risk functions related to the execution of framework components and sustainment of risk governance across the organization
- Perform Information Security Risk assessments across the organization to ensure information security risks are identified, assessed, quantified, appropriately mitigated and managed through the lifecycle of the product and/or service
- Draft reports that include information security metrics (KRI/KPI), program status, Information Security risk profile(s), risk acceptances and other information in order to provide a holistic picture of the organization's Information Security risk
- Perform periodic/ad-hoc reviews/testing to determine if information security controls are operating effectively
- Escalate issues to the appropriate levels within the organization
- Stay current in technology specific to information security risk management techniques, industry best practices, and regulatory requirements, as well as specific areas of Information Security risk
- Perform information security risk assessments of technology-enabled projects; activities include vendor reviews, security requirement definition, facilitation of security testing, and management of residual risk
- Advise and guide project teams regarding compensating control alternatives where security requirements cannot be met
- Perform vendor security risk assessment activities, including evaluation of vendor controls and practices, process enhancements, on-site assessments, review of security test reports, and analysis and development of security requirements
- Maintain knowledge of regulations and standards including GLBA, FFIEC, PCI, NIST, privacy laws, COBIT and ISO
- Monitor and report on new laws, regulations, industry standards and requirements that may affect the organization
Physical Demands and Work Environment:
Work is generally sedentary in nature but may require standing and walking. The working environment is generally favorable: lighting and temperature are adequate, and there are no hazardous or unpleasant conditions caused by noise, dust, etc. Work is generally performed within an office environment, with standard office equipment available.
- A letter of interest describing your experience and interest in the position
- Your resume
- Names and contact information of three references, or three letters of reference
* Please submit a single application per position.