About This Opportunity
This position has been designed to serve as an in-house subject matter expert and advisor on Cybersecurity. The key responsibilities for this role will be conducting cybersecurity risk, threat and vulnerability assessments for InComm and its corporate entities, monitoring the effectiveness of risk mitigation strategies, advising the business on best practices and monitoring cybersecurity program performance. The candidate will actively work with Enterprise Data Protection (InfoSec), ERM and IT on risk communications and reporting.
Why InComm? InComm offers an opportunity to work in the interesting niche of fin-tech. We are producing technologies and services that impact consumer shopping in most parts of the world and partner with many of the world’s well-known brands and retailers. This is an opportunity to bring your IT and Security knowledge to a sector that is constantly evolving, fast-paced, and unique.
- Execute ongoing cybersecurity risk assessment and maintain associated risk registers
- Support assessments and testing of controls for SOC1/SOC2, PCI and other compliance activities
- Record and assess threats and vulnerabilities within the company’s IT environment
- Communicate risk and security issues to multiple stakeholder groups (i.e. translate technical risks into a business context)
- Develop reporting on cybersecurity risk profile and cybersecurity effectiveness to the Enterprise Risk Committee
- Investigate and analyze significant internal and external risk events
- Maintain cybersecurity assessment procedures and ensure procedures align with leading practices and guidance
- Collaborate with business stakeholders to advise on application security controls and secure development practices
- Evaluate and assist with security awareness activities
- Support risk management activities for third- and fourth-party cybersecurity risks
- Bachelor’s degree in information systems, business, computer science or similar degree
- 5-7 years of experience in risk management, audits, compliance and/or cybersecurity
- Certifications such as the CISSP, CISA or CRISC
Knowledge, Skills and Capabilities
- NIST cybersecurity framework
- Cybersecurity and reporting tools
- IT general controls (ITGC) and secure development (SDLC)
- CVE and CVSS Risk Scores
- OWASP Top Ten
- Vulnerability management and Server System Patching