Sr Manager, Cybersecurity Risk Assessor
Location: Westlake, TX, USA

SAN FRANCISCO, CA
2022-12-06 13:45:39
Job Type: Full Time only
Budget $: 100,000 - 200,000

Qualifications

• 8+ years of relevant experience in the disciplines of information security, risk assessment activities or information security compliance with strong hands-on experience in security risk assessments
• Superior attention to detail and focus on quality work delivery
• Expertise in information security best practices and technology risk management disciplines, including knowledge and familiarity with a broad range of IT and information security products and technologies such as Network Security, Cryptography, Identity and Access Management, Vulnerability Management, Logging and Monitoring, Cloud Platforms, and Application Security
• Familiar with one or more regulatory requirements and laws such as, but not limited to, PCI, Federal Financial Institutions Examinations Council, Sarbanes-Oxley Act, HIPAA, GDPR and GLBA
• Additionally, experience in one or more: ISO 27001, ITIL and NIST
• General understanding of the Factor Analysis of Information Risk methodology
• Working knowledge of software development practices and technologies
• Experience in developing performance or risk metrics, and executive dashboards
• Excellent analytical & technical skills, able to research problems, determine root causes and solutions
• Experience using and administering collaboration platforms such as MS SharePoint, Confluence, or JIRA
• Must be a self-starter and able to work independently, as part of a team, and lead working groups as required
• Work ethic based on a strong desire to exceed expectations
• Ability to work successfully in a fast-paced, results-oriented environment
• Requires excellent time management skills, ability to appropriately prioritize multiple, competing demands
• Ability to translate business needs into business requirements, and then implement
• Bachelor's Degree in Computer Science or related discipline
• Relevant certifications or ability to obtain information security certifications such as CISSP, CCSP, CCSK, CISM or CRISC

Responsibilities

• The individual is responsible for proactive identification, assessment, treatment and continuous monitoring of information security risks
• As a risk assessment SME, the individual reviews cybersecurity practices and recommends remediation of gaps or proposes new controls, consistent with best practices, as well as continually evaluates risk exposure and tolerance as defined by business leaders and external entities
• The role also reviews and documents deficiencies, advocates for change and, when appropriate, escalates issues to senior risk leadership
• This is a key role in assuring that cyber risks are effectively managed, client information is protected, and our client's trust is maintained
• Success in this role will require ability to exercise influence, communicate effectively, think strategically, and work collaboratively among internal and external stakeholders across multiple functions combined with strong expertise in risk management discipline and security and technology controls best practices
• Serve on a distributed risk team responsible for reviewing and documenting where security and technology controls are adequate or require improvement, as well as areas where risk being taken on is too high
• Recommend risk reduction steps to be implemented and maintained through policies, procedures, frameworks, and technical controls
• Work closely with risk management and security leadership, teammates, and stakeholders to evaluate and recommend models aligning with organizational risk posture
• Identify strengths and weaknesses in the program as they relate to privacy, security, business resiliency and compliance frameworks
• Document, formulate and enforce security improvements that balance risk with business operations, and do not diminish efficiencies or innovation
• Influence application and technology teams' implementation and execution of necessary controls within production environments and establish practices to measure, monitor, and report on control effectiveness on an on-going basis
• Review technical reports from vulnerability and penetration testing assessments and results from tabletop exercises
• Identify security gaps and patterns in the reports
• Work with SMEs to ensure remediation and escalate as needed
• Create and present risk posture discovery and recommendation reports to risk management leadership
• Develop and deliver executive-level reporting and presentations outlining cyber risks, risk velocity/trending, and status of defined action plans
• Identify and manage continuous improvements in various areas, including automation of risk assessments, leadership reporting activities, development and maintenance of risk-related information, and audit and/or regulatory areas
• Contribute to the creation and ongoing development of security and control metrics
• Support maturing cyber risk governance through development of standard processes and procedures
• Advocate and promote awareness of cyber risks to business and technical partners
• Perform proactive management of findings by working with appropriate teams to develop remediation action plans, track progress, and facilitate risk remediation actions
• Build strong relationships and partner closely with business and technology partners across.
• Develop internal processes to increase team efficiencies and continually mature operations
• May travel minimally as part of training and ongoing program developments and improvements

Benefits

• "In addition to the salary range, this role is also eligible for bonus or incentive opportunities."
• Workplace Flexibility Program: We're proud to support our employees in a working approach that allows you to bring your best self to work – whether that's in the office or remote
• We have the opportunity to voluntarily work in the office or at home based on their preference*
• We offer a competitive and flexible package designed to help you make the most of your life at work and at home – today and in the future


Key Skills: