Manager, Information Security Risk
Position: Manager, Information Security Risk
Reports To: Director, Information Security Risk
Location: New York, NY, Winston-Salem, NC, or Dallas, TX
The Manager of Information Security Risk will serve as the SME supporting business units across the organization in maintaining and identifying areas of concern to TCH Information Security Risk. The individual will perform risk assessments and enhance the continuous Information Security Risk monitoring program.
- Bachelor's degree in Management Information Systems, Computer Science, or any other related field
- Minimum five (5) years of experience working in Information Security Risk, Information Security Engineering/Architecture, or technical leadership of technology projects
- Minimum five (5) years of experience working with Information Security frameworks (e.g., ISO 27001-2, COBIT, PCI DSS, PCI TSP, CSA Cloud Controls Matrix, NIST CSF, SOC 1/2)
- Experience with risk assessment methods that utilize threat modeling and adherence to compliance requirements
- Demonstrated experience with Information Security processes, tools, techniques, and practices
- Extremely strong analytical and problem-solving skills
- Ability to work with all levels within the organization
- Relevant professional certification (e.g., CISSP, CISA, CISM, CRISC, etc.)
- Cloud-based industry certification (e.g., CCSP, CCSK, AWS CCP, MCAF, etc.)
- Experience working with project methodologies, such as Agile and Scrum
- Experience working within Financial Services or another heavily regulated industry
Essential Functions and Responsibilities:
- Manage the execution and coordination of the Information Security risk functions related to the execution of framework components and sustainment of risk governance across the organization
- Perform Information Security Risk assessments across the organization to ensure information security risks are identified, assessed, quantified, adequately mitigated, and managed through the lifecycle of the product and/or service
- Perform Risk Control Self-Assessments of the Information Security program, including but not limited to risk assessments, control testing, Information Security process review, and documenting any changes
- Perform third-party vendor security risk assessment activities that include evaluation of vendor controls and practices, process enhancements, performing on-site assessments, reviewing security test reports, and analyzing and developing security requirements
- Assist in managing TCH Information Security Awareness training, including reporting on results, enhancing existing practices, and working with other Information Security team members on identifying areas of concern/risk and remediation
- Report on Information Security metrics (KRI/KPI), program status, Information Security risk profile(s), risk acceptances, and other information to provide a holistic picture of the organization's Information Security Risk
- Advise and guide project teams in conjunction with other Information Security team members regarding compensating control alternatives where security requirements cannot be met
- Provide information and assistance in support of Federal Regulatory Exams, external assessments, and reviews conducted by Internal Audit. Provide recommendations for resolving audit issues. This typically involves owning the issue and ensuring other activities are progressing towards completion of their specific deliverables.
- Knowledge of regulations and standards including GLBA, FFIEC, PCI, NIST, privacy laws, COBIT and ISO. Monitor and report on new laws, regulations, industry standards and requirements that may affect the organization.
- Stay current in technology-specific information security risk management techniques, industry best practices, and regulatory requirements, as well as specific areas of Information Security risk.
Physical Demands and Work Environment:
Work is generally sedentary in nature but may require standing and walking. The working environment is generally favorable. Lighting and temperature are adequate, and there are no hazardous or unpleasant conditions caused by noise, dust, etc. Work is generally performed within an office environment, with standard office equipment available. Travel may be required.
TCH places paramount importance on the health and safety of its employees, and, as such, we are taking all necessary steps to protect our workforce. Because this position may require business travel and/or working in close contact with colleagues and other third parties, TCH is requiring that the employee hired into this role present proof that they are fully vaccinated against COVID-19 during their first week of employment.
- A letter of interest describing your experience and interest in the position
- Your resume
- Names and contact information of three references, or three letters of reference
* Please submit a single application per position.