Security Risk Manager

Global Payments   •  

Dallas, TX

5 - 7 years

Posted 302 days ago

This job is no longer available.


The Security Risk Manager is responsible development and operation of the security governance and advisory programs. Governance responsibilities include risk management, policies and standards, and compliance.

Advisory responsibilities include defining security requirements, project consulting, and controls validation. This role will be required to align the organization against security and compliance frameworks.

The role will also communicate and track risks to management to enable prioritization and sound investment decisions. The manager is a trusted risk advisor and advocate for security, business, and technology partners across the organization.

This role will also be responsible for the following corporate functions: IT Security Control Framework, Technology Risk Assessments, RiskAcceptance/Exception,Security Governance Reviews and Risk/Issue Tracking and Reporting. Other duties may be assigned as necessary.

Job Details:

• Implement security governance and advisory programs in-line with industry best practices and compliance. Align program with corporate security
• Develop and operate a security framework that is mapped to required compliances. Perform different levels of security risk assessments
• Assist in the execution of projects  and tasks to close out risk gaps
• Monitors and manages risks and mitigation efforts in partnership with risk owners, initiative owners and key stakeholders
• Perform deep dives on IT security-related processes and systems
• Partner with the program and project management team to track initiatives
• Identify system limitations that could lead to regulatory risks in new products and services, and provide guidance for resolution and risk mitigation
• Stay abreast of innovative business and technology trends in IT security, risk, and controls and advise leadership on technology initiatives.
• Acts as a trusted risk advisor for security risk management across the enterprise
• Builds relationships and coordinates with other teams and departments, including ERM, GRC, Data Privacy, DR/BCP involved in ensuring security risk management
• Prepares reports and presentations on the state of security risks and compliance with policies and standards
• Works with GRC tools supporting risk assessment processes and risk tracking
• Develop and operate security governance and advisory programs, policies, standards and align them to the corporate set
• Assist with existing and new initiatives related to data privacy, compliance, and regulations
• Conduct and lead internal, client, vendor, and third-party security assessments
• Lead local security awareness and training initiatives
• Identify, document and map technology processes and internal controls of applicable technology infrastructure and operational areas per the scope of audit projects
• Interact with  business leadership to ensure that the information security program addresses business needs for protection and proactively identifying threats
• Leads and facilitates sync meetings between global product innovation teams, infrastructure, enterprise architecture to build security in their processes and projects
• Advises and influences  business leaders, at different levels, regarding corporate security strategy, initiatives, services, and requirements
• Globally operate an information security program framework to provide assurance of the information security strategies aligning with BTS objectives
• Prioritize security initiatives, align security resources, define security requirements, create security business cases, and execute tasks/projects
• Facilitates and drives to completion of cross functional activities to meet security tactical and strategic objectives    

• Maintains a high energy level and demonstrates a desire to succeed
• Demonstrates a strong work ethic, able to multi task and ability to work well under pressure
• Skilled at leading and promoting a team-oriented culture; successfully establishes and maintains relationships across all functional areas
• Leads by example and holds department accountable for results; leads in an assertive yet sensitive manner
• Possesses strong business approach to department's financial budget and expense constraints
• Able to plan and organize work to achieve targeted goals with minimal supervision; is results-oriented and accountable for own actions
• Performs rigorous, structured and fact-based problem analysis; able to quickly assess an issue and apply creative resolutions
• Excellent project management skills; ability to manage large-scale, multi-faceted projects.
• Leveraging creative solutions when problem-solving, collaborating effectively as a team, yet functioning well with independent responsibilities, especially multitasking and extreme attention to detail
• Experience managing and working with geo-distributed team
• Excellent oral and written communication skills and a demonstrated ability to work with all levels of personnel are needed

• Excellent verbal and written communication skills including the ability to author and present materials ranging from detailed technical specifications to high-level presentations
• Solid problem solving and analytical skills; able to quickly digest any issue/problem encountered and recommend an appropriate solution
• Pragmatic understanding of security problems as a mix of technology and process issues with the ability to pursue solutions at both layers within the organization
• Performs rigorous, structured and fact-based problem analysis; able to quickly assess an issue and apply creative resolutions
• Build strong cross-organizational relationships and effectively influence staff across the IT organization and broader enterprise

• Adaptive schedules and work assignments, including willingness to travel domestically and globally, when required, and extended work hours
• 6+ years of progressive experience in IT information security and/or audit, 3+ years of experience in management
• Deep knowledge and experience of risk management, security domain highly preferred
• Experience with conducting security risk assessments, risk mitigation, control identification, and risk reporting
• Experience working in a Global Organization supporting diverse businesses and geographies
• Strong knowledge of security risk management frameworks including related regulatory compliance requirements (NIST CSF & 800-53, ISO27001, SOC, PCI, GDPR, etc.)
• Industry certifications in security, technology, and/or business management are a plus (e.g., CRISC, CISSP, CCIE, CISM, CISA, CCSK)
• Track record of innovation, results and ability to collaborate and affect change across functions
• Demonstrated collaboration skills along with the ability to influence without authority
• Strong written and verbal communication, interpersonal, presentation and negotiation skills