Information Security Risk Lead

Ryder

Job Description

Posted on: 
November 25, 2024

Summary and company overview

Summary

The Information Security Risk Lead is responsible for the oversight and execution of the company’s Information Security function, as it relates to the design, development, implementation, and monitoring of the Information Security Risk Management program. Additionally, this role will lead the maturation and evolution of the risk management tools and methods, as well as ensuring comprehensive reporting of all security risks. The Information Security Risk Lead will work across the security team to promote awareness of the risk management program and desired risk culture. The position requires a diverse background to understand a variety of systems, including new technologies and legacy systems considered business critical.

Responsibilities

  • Lead the execution and maturation of the information security risk management program
  • Perform targeted risk assessments to identify and report on strengths and weaknesses in the program as they relate to privacy, security, business resiliency and compliance frameworks
  • Manage and oversee the implementation and maintenance of an Enterprise GRC tool
  • Work effectively with leads across the Information Security team to assist with identifying, measuring, and planning remedial action plans for information security risks
  • Document and maintain workflows and design documents and procedures to identify gaps in risk posture and risk acceptability based on controls
  • Create and present risk posture and recommendations to Information Security leadership
  • Perform ad-hoc assessments, analysis, and reports as needed to support the team’s needs
  • Foster and maintain good relationships with business partners and colleagues to meet expected service levels
  • Research and recommend new tools and technologies to gain efficiencies and enable new functionality
  • Deliver schedule milestones on time to ensure project/program objectives are met
  • Perform other duties as assigned

Job Requirements

Required Qualifications

  • Bachelor's degree required in Information Security, Information Technology, or Management Information Systems
  • Seven (7) years or more experience with technology risks and controls and deploying information governance, information technology risk management, compliance, information security, or privacy programs
  • Seven (7) years or more experience with cybersecurity and information security program management and frameworks (e.g. NIST CSF, ISO/IEC 27000, etc.)
  • Exposure to and familiarity with relevant standards such as the ISO/IEC 27000 family (Information Security Management Systems), the NIST Cybersecurity Framework and the NIST SP 800 series, and applicable laws and regulations related to compliance, information security and privacy (e.g. SOX, HIPAA, GDPR, PCI-DSS) (intermediate)
  • Knowledge of information security risk management and IT controls frameworks and methodologies (e.g. ISO/IEC 27005, COBIT, OCTAVE) (intermediate)
  • Knowledge of risk management principles (risk avoidance, transfer, mitigation, acceptance) and the risk assessment process (intermediate)
  • Knowledge of cloud security: Cloud Controls Matrix (CCM) and Consensus Assessments Initiative Questionnaire (CAIQ) (intermediate)

Preferred Qualifications

  • Master's degree preferred in Information Security, Information Technology, or Management Information Systems
  • Knowledge of Common Controls Hub / Unified Compliance Framework (UCF) (intermediate)
  • Knowledge of the Standardized Information Gathering (SIG) Questionnaire (intermediate)
  • Knowledge of AICPA SOC for Service Organizations reporting (intermediate)
  • One or more of the following credentials: Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified Cloud Security Professional (CCSP), or an International Association of Privacy Professionals (IAPP) certification
