$100K — $130K
*Job is subject to close, apply ASAP
*All applicants must apply at www.LAUSDJOBS.org
About the Role:
An Information Security Risk Manager establishes and maintains the District’s overall asset-based IT risk and IT continuity management programs to ensure that IT systems and information assets are adequately protected and there is minimum business impact in the event of an IT service interruption.
Duties will consist of:
· Manage all the risk-related activities of the Information Technology Division including the analysis, identification, and estimation of IT risks and the development, planning, testing, and documenting of remediation measures.
· Manage all IT continuity-related activities based on industry best practices and a broad range of IT continuity frameworks.
· Develops, conducts, and documents regular IT risk assessments and treatment plans with recommendations, business performances and expected costs/benefits.
· Develops, conducts, and documents regular business impact analysis and IT continuity plans.
· Maintains an up-to-date understanding of industry best practices, changes in business requirements, and changes in legal or regulatory environments that could require changes to the District’s established IT risk appetite, risk tolerance, continuity plan, policies or practices.
· Coordinates with Project Management Offices at various organizational levels to ensure IT risks are properly quantified, prioritized, documented, treated, monitored, and incorporated into the overall IT risk management program.
· Creates and maintains a centralized IT risk register and an IT continuity plan to manage all IT risk-related information and document changes in business continuity requirements.
Graduation from a recognized college or university with a bachelor’s degree in legal studies, computer science, information systems, information technology, business or public administration, or a related field.
Four years of professional-level experience in conducting risk reviews and assessments, and developing treatment plans and reports for a large organization.
One year of the above experience must have included designing and implementing an asset-based IT risk management program.
Experience conducting business continuity reviews, assessments and developing continuity plans is preferable. Supervisory experience is also preferred.
A Certified Risk and Information Systems Control (CRISC), PMI Risk Management Professional (PMI-RMP), Certified Authorization Professional (CAP), GRC Professional (GRCP), RIMS-Certified Risk Management Professional (RIMS-CRMP), Certified Business Continuity Professional (CBCP) or equivalent certification is preferred.
· Knowledge of a broad range of IT security and risk management frameworks such as ISO 27005, RiskIT (ISACA), NIST 800-37, ISO 31000, COBIT 5 for Risk, COBIT 5 for Information Security, COSO, ISO 27001, ISO 27002, ISO 22301, NIST 800-53, and ITIL.
· Knowledge of laws, regulations, practices, and procedures relevant to California public education, strategic IT risks, IT controls over financial reporting, IT auditing, and IT contract administration.
· Knowledge of broad IT risk-related disciplines, including IT governance, information security, business continuity, data privacy, regulatory compliance, and IT operations.
Paid premiums for your choice of several medical, dental, vision, and life insurance plans.
Membership in the California Public Employee Retirement System (CalPERS).
Vacation: 24 days
Paid Holidays: 12 days.
Valid through: 4/22/2021