This Job Vacancy has Expired!

Senior Manager, Security Risk

Posted on Apr 6, 2019 by Request Technology - Kyle Honn

Irving, TX 75014
Information Technology
Immediate Start
$140k - $160k Annual
Full-Time

Sr. Manager, Security Risk

The Sr. Manager of Security Risk serves as a leader within the Company Information Security organization. This role will manage the establishment of an enterprise-wide cyber security risk framework; inform and execute enterprise-wide cyber security risk and control definition and assessment & process oversight; and ensure cyber security operational effectiveness through cyber security KPI selection and performance assessment, and oversight of risk life cycle management. This role will encompass both internal and external cyber risk life cycle management. Responsibilities for this role will be both operational and strategic and will require collaboration with leaders across the enterprise.

Responsibilities

  • Ensure the strategic alignment of information security with business strategy to support organizational objectives.
  • Identify and recommend appropriate measures to manage and mitigate risks and reduce potential impacts on information resources to a level acceptable to the senior management of the company.
  • Manage the review of changes in company processes, standards and technology to ensure the effectiveness of security controls to meet compliance requirements.
  • Integrate security risk reporting and management activities into Company day-to-day processes.
  • Define, monitor, and report on a set of Key Risk Indicators.
  • Support, manage and streamline the security variance process.
  • Identify and report on new and emerging security risk and risk trends, including participating in risk remediation solution discussions and updates to compliance policy and standards.
  • Fully understand business requirements and work with the business to define appropriate solution security objectives while meeting the business need.
  • Partner with all areas of the business, including internal auditors, legal, IT and business partners
  • Develop and improve KPIs, metrics, and trending for the risk management and remediation function.
  • Respond to and assist with audits, assessments and compliance requests.
  • Participate and lead new projects as needed.
  • Serve as client liaison as needed on matters pertaining to Risk Management.
  • Promote and consult on the positions that help strengthen and secure the organization by either following standards or helping direct others on technology positions.
  • Act as a subject matter expert for the organization's information asset protection policies and procedures, and information technology best practices.
  • Provide mentoring and guidance to a team of risk professionals.
  • Develop and refine enterprise policy, standards and procedures.
  • Develop and refine procedures and techniques used by the team.
  • Other duties as assigned.
  • Provide input into the Company Corporation Strategy
  • Ensure clear lines of communication with the Company Family of Companies, Small and Emerging Businesses and Company Canada to support an enterprise view, including but not limited to the following:

o Information Security Program

o Metrics and Reporting

o Information Security Policy and Standards

o Compliance life cycle management

  • Ensure clear lines of communication between ATSV, AIS and the business
  • Develop strong partnership with AIS team members, ATSV and key business partners to ensure:

o Establishment and monitoring of KRIs and KPIs

o Compliance to Company regulatory and contractual obligations

o Integration of changes to Information Security Standards and supporting documentation

o Effective delivery/remediation of audit observations

o Update the Security standards and supporting documentation

  • Ensure clear lines of communication between AIS, Operational Risk and ATSV Risk and Compliance
  • Provide reporting on the state and efficacy of security controls for Company Corporation
  • Secure ongoing security funding for special/complex projects, and evangelize security awareness across the Business Unit.
  • Responsible for being the leader in supplier management risk reviews.
  • Be well versed in supplier enterprise security due diligence and assessment.
  • Facilitate regular onsite security assessments of suppliers to assess information security risk.
  • Identify and recommend appropriate measures to manage and mitigate supplier risks and reduce potential impacts on information resources to an acceptable level.
  • Work with suppliers to remediate the risks identified during the information security assessments.
  • Understand how to risk-rank suppliers, perform risk assessments, and communicate results to the business.
  • Document and communicate risk assessments and results in a manner that allows all readers across the enterprise to understand the risk.
  • Partner with all areas of the business, including Privacy, Legal, Procurement, IT, and business partners.

Qualifications

  • Bachelor's Degree or equivalent experience
  • 5+ years of experience in an audit or information security related role.
  • Strong understanding of audit methodologies and regulatory requirements pertaining to information security, privacy and/or data security
  • Project management experience highly desired
  • Ability to manage multiple complex priorities and competing agendas without express authority over delivery teams
  • Ability to interpret and apply policies and regulations across a large, complex business
  • Analytical aptitude with an emphasis on investigative, methodical critical questioning and logical thinking; a data-driven decision maker
  • High level of interpersonal skills to interact with leaders at multiple levels and facilitate team interactions
  • Advanced skills with MS-Windows and other related PC applications
  • Experience with Cloud security control requirements
  • One or more of the following certifications:

o Certified Information Systems Security Professional (CISSP) from ISC2

o Certified Information Security Manager (CISM)

o Certified Information Systems Auditor (CISA) from ISACA

o Advanced degree or master's in computer systems or equivalent

If this is an opportunity that you're interested in, please email your resume to (see below)

Reference: 688015569