Position Reference Number:
$115,000+, Profit Sharing
Relocation Package: Yes
Job Type: Full-Time
Required Education: BA/BS, Masters Preferred
SecurityRecruiter.com has been engaged to add information security risk management talent to a growing information security / risk management team. Our client's story is one of global success. This role will carry an internal Manager title but will not have management responsibility; it is an individual contributor role. The hiring authority and several of his peers have former CISO experience. The CISO is an individual we have known for many years. This position is responsible for managing enterprise information security risk on a global basis. The team is responsible for Governance, Intelligence and Information Security Risk. The Risk Analyst / Manager will roll out a formal approach to managing information security risk across technology platforms and business environments. This role and the entire information security program have executive support from the top of this global company. The risk management program is based on the goals, principles and strategy of the company's global enterprise security strategy. Our client is an equal opportunity employer that values diversity.

Responsibilities:
Interact with all levels of the business to align, define and manage controls that reflect business and operational needs balanced with legal and regulatory requirements and risks.
Develop and prepare general reporting and analysis of information security risk activities, including developing dashboards, trend analysis and alerts.
Travel as needed, up to 15%.
Participate in enterprise risk assessments and the development of risk management plans across the enterprise.
Analyze information security and business data to gain deep business knowledge and insight into the security risk posture.
Manage the Information Security Risk program that defines how information security risk is measured, articulated and reported.
Assess security control effectiveness and efficiency while facilitating governance within the Enterprise Information Security Management Framework.
Implement tools and controls to measure and articulate current risk levels and ensure that results are understood by stakeholders.
Design communication programs to communicate business risks arising from cyber threat sources.
Work across the enterprise with Directors of Information Technology, the Director of Information Security Operations, Physical Security and others in the management of the Global Information Security Program.
Ensure the ongoing integration of information security with business strategies and requirements.
Drive remediation plans for audit / compliance related findings.
Build strong relationships and partner closely with business partners.
Perform data collection and statistical data analysis, ensure data quality, and develop tracking and reporting systems to determine the information security risk posture of the organization.
Document action plans and report on issue status for Information Security Risk as needed.
Identify and evaluate business and technology risks, the internal controls which mitigate those risks, and related opportunities for internal control improvement.
Actively participate in decision making with engagement management and seek to understand the broader impact of current decisions.
Required:
BA/BS in information technology, business administration, or an IT-related field.
5+ years of Information Security and IT Risk Management experience.
3+ years of experience performing risk assessments, with experience in internal controls, business process security audits and internal IT control testing or operational auditing.
3+ years of experience interfacing with business leaders.
3+ years of experience managing relationships across many lines of business.
Relationship building, influence and communication skills are critical.
Global experience is greatly appreciated.
Must be able to pass a background screening process.

Preferred:
Desirable certifications include CISSP, CISM, CISA, CRISC, CISRCP.
Familiarity with security industry standards (ISO 17799, COBIT, NIST 800 series, etc.).
Demonstrated ability to write business and technical reports and to participate in delivering presentations.
Experience in capturing business requirements and converting them into functional and technical specifications.
Excellent time management skills and the ability to juggle multiple, competing priorities, with strength in identifying and implementing solutions to address critical needs.
Ability to work in a fast-paced environment.
Ability to prioritize workload and meet deadlines.
Strong understanding and appreciation of the value and use of Information Security Intelligence programs and capabilities.
Superior written, presentation, and verbal communication skills.
Exceptional organizational, interpersonal and team skills.
Ability to take a broad view of his/her position and take the initiative to communicate, interact and cooperate with others to ensure that all aspects of a task are addressed.
Project management experience, including business/process analysis, documenting gaps, and process improvement.