The Manager, Cyber Risk Management is a member of the Cyber Risk team and is responsible for reporting on risk related to cyber and information security in a manner that meets corporate, legal and regulatory requirements. The individual is responsible for the continuous development and improvement of the Cyber Risk Management framework, processes and related documentation. This role will partner with Cyber Security team members to manage and assess the material risks associated with all information security activities, determining if actions need to be taken to strengthen corporate policies, processes or controls to effectively mitigate security risks across the enterprise. This position requires strong collaboration skills and detailed working knowledge of IT, information security and risk management best practices. The Manager, Cyber Risk Management must be knowledgeable about the business environment and must ensure that risks to information assets are proactively managed within the business risk appetite.
- Monitor the Cyber Risk Management program
- Assist in performing risk assessments based on the defined cyber risk framework
- Communicate and ensure IT and information security risks are managed in compliance with applicable laws, regulations, policies and standards
- Evaluate inherent security threats relative to the control environment, and provide recommendations to properly manage risks in accordance with accepted practice and corporate policies
- Coordinate with IT Leadership Team, First and Second Line Risk Teams, and Internal Audit to facilitate key risk management processes and identify acceptable levels of risk
- Participate in key initiatives as the subject matter expert to ensure alignment with IT and Information Security programs and initiatives
- Minimum 5 years of experience in Information Security and/or IT Risk Management functions
- Bachelor's Degree
- Bachelor's or Master's Degree in Information Systems, Computer Science or related discipline is highly desired
- Proven experience with IT and Information Security best practices
- Technical abilities across a broad range of technologies: Windows, Linux, relational databases (Oracle, MS SQL, etc.), firewalls, routers, mobile devices, virtualization and cloud computing
- Working with information security risk, governance, and control frameworks such as ISO/IEC 27000 series, NIST CSF, CSA CCM and PCI DSS
- Project management and organizational skills, specifically managing multiple, concurrent projects
- CISSP, CISA, CISM or CRISC certification is desired
- Strong interpersonal, written, and oral communication skills
- Highly self-motivated and directed professional, with keen attention to detail
- Excellent analytical, problem-solving and decision-making abilities
- Able to effectively prioritize tasks in a high-pressure environment
- Strong customer service and solution-focused orientation
- Experience working in a team-oriented, collaborative environment