Security Risk & Assessment Manager
Company: Bayview Financial Holdings, L P
Location: Coral Gables, FL 33114
Description:
OVERVIEW
The IT Security Risk & Assessment Manager's primary responsibility is executing IT/IS workplans aligned to regulations and frameworks. This role will be key to identifying common/noncommon processes, performing control testing on behalf of the CISO, assisting shadow IT in joining common controls, and helping control owners understand how to self-test controls and maintain evidence. The person should be experienced in using GRC software to help with the overall implementation and to help ensure the development of a single, internally aligned testing approach aligned to both 2nd and 3rd line.
RESPONSIBILITIES
Willingness to become an expert in the operations that are being supported.
Identify opportunities for supporting and optimizing business processes and system implementations to achieve business goals.
Work with stakeholders to understand business requirements and communicate the necessity and benefit of control standardization and testing.
Perform business process and control assessments and convey risk reduction to leadership and stakeholders.
Build long-term, trust-based relationships with stakeholders, vendors, and internal shared services.
Ensure adherence to IT security policies and procedures, safeguarding company data and systems from unauthorized access and breaches.
Maintain close partnerships with the 3rd line to maximize support for Internal Audit initiatives.
Develop and maintain budget, project, and reporting documentation as necessary to ensure timely and effective communication of real-time status through presentations and reporting.
Must be comfortable managing several initiatives at a time.
QUALIFICATIONS
Bachelor's Degree - Business Administration, Finance/Accounting, Information Technology or Engineering or similar preferred.
3-5 years of Audit & Risk experience in Big 4 or similar entity (ALIGN, Coalfire, etc.).
Working knowledge of executing IT/IS workplans aligned to regulations and frameworks.
Strong working knowledge of industry frameworks and regulations, such as NIST 800-53, GLBA, NYDFS, SOX, ISO 27001, Secure Controls Framework, etc., with experience in mapping and implementing controls derived from the control inventory.
Working knowledge of Business Process Audits, Control Ownership and Lifecycle considerations.
Excellent interpersonal and communication skills, ability to problem solve and liaise with departmental staff and senior management.
Demonstrable experience in developing and testing controls based on ubiquitous industry frameworks.
Experience in highly regulated environments, preferably Financial Services or similar.
Working experience with GRC solutions. Auditboard highly preferred.
CERTIFICATIONS, LICENSES, AND/OR REGISTRATION
Risk and Audit certifications: CRISC, CISA or other relevant certifications preferred.
Project Management certifications: PMP preferred.
LOCATION & COMPENSATION
This is a fully remote position and can be based anywhere in the US.
Base compensation is expected to be $75-100k with the opportunity for incentive compensation including bonus compensation.