Primary responsibilities of the Information Security Risk Management Lead include the following:
- Partner with business units to identify, analyze and mitigate internal and third-party security risk associated with activities executed throughout the enterprise.
- Act as team lead for information security risk management activities, including internal and third-party risk.
- Provide security consultation for new and ongoing enterprise initiatives.
- Consult on defining security policies and best practices.
- Educate and build awareness of security requirements across the organization.
- Improve compliance with security standards and policies across enterprise teams.
- Participate in testing and monitoring of security and privacy controls executed by enterprise teams.
- Lead security enhancement projects focused on new or changing technologies.
- Publish executive-level security reporting across governance, risk, and compliance activities.
Core Competencies:
- Project Management
- Self-directed Learner
- Customer-First Mentality
- Strong Adaptability
- Process Documentation Management
- Process Mapping Development
- Cross-functional Team Leadership
- Strategic Thinking and Planning (Team)
- Solid Risk Management Foundation
- Solid Information Security Foundation
- Solid Security Control Framework Foundation
- General Data Privacy Foundation
- Able to teach risk and information security principles
- Able to consult with the business on risk and information security principles
- Requires a well-organized, cheerful and persuasive individual who can manage multiple priorities at once.
- Must have good meeting management and communication skills to keep conversations focused and productive.
- Must be self-driven; able to manage schedules, meet deadlines, coordinate with others, and perform tasks with minimal supervision.
- Must have the ability to work with a diverse audience, under tight deadlines, and negotiate successful outcomes to challenging problems.
- Analytical aptitude, with an emphasis on investigative, methodical questioning and logical thinking; a data-driven decision maker.
- Strong interpersonal skills.
Education and Experience:
- Bachelor's degree (or equivalent experience) and at least 5-8 years of directly related experience. Must have a solid understanding of SOX, PCI DSS, CPNI, CCPA, FACTA and similar IT compliance and privacy regulations.
- Strong understanding of risk mitigation methodologies and regulatory requirements pertaining to information security, privacy and data security.
- Professional certification (CISA, CRISC, CISM, CIA or similar) is highly desired.
- Candidates who apply will be tested in several areas, including verbal/spelling, math/logic and business problem-solving, and must meet minimum standards to be considered for this position.