This role is within Information Security and Risk Management (ISRM) and is responsible for information security risk analysis and enterprise risk management processes, and for identifying acceptable levels of risk for the environment. This person will work directly with their management and with other internal departments and organizations to conduct internal enterprise impact analysis, ensuring the business and its resources are adequately protected with proper security measures. This person will support coordination across lines of business (i.e., IT and business divisions) to ensure security is incorporated into initiatives. This position requires experience with cyber risk management technologies (e.g., GRC solutions) that enable a seamless and efficient process to manage strategy, risk and governance across the enterprise. This role is responsible for managing assigned project deliverables and assisting with project execution as required.
Responsibilities of the Senior Cyber Enterprise Risk Management Specialist:
Assess potential items of risk and opportunities of vulnerability across the enterprise, in the network and on information technology infrastructure and applications.
Review risk assessments, analyze the effectiveness of information security control activities, and report on them with actionable recommendations.
Assist manager with the evaluation, identification and remediation of cyber risks associated with potential and pending mergers, acquisitions, and divestitures.
Participate in security planning and analyst activities.
Work independently to conceive and develop solutions to problems and approaches to meet objectives.
Collaborate with BTS teams to ensure security is incorporated in projects.
Will supervise up to two direct reports.
Requirements of the Senior Cyber Enterprise Risk Management Specialist:
Bachelor's Degree in Information Security, Computer Science, or related field
5-7 years of experience is required.
CISSP certification (or similar) is preferred, and knowledge of national and international regulatory compliance requirements and frameworks such as ISO, SOX, BASEL II, EU DPD, HIPAA, and PCI DSS is desired.
Experience with GRC toolsets (Governance Risk and Compliance)
Previous supervisory or management experience required.