Information Security Risk Specialist
Summary of Position:
As a member of the Operations and Technology Team, the Information Security Risk Specialist will directly support initiatives and activities in the areas of Information Security Risk. The Information Security Risk Specialist will assist in the development and implementation of the Technology and Information Risk Program as well as ensure adherence to management policies, processes and standards. The Information Security Risk Specialist will be accountable for supporting a comprehensive technology and information risk management framework and associated policies and processes, managing information security initiatives, and championing compliance initiatives.
Principal Duties and Responsibilities:
- Assist in the development, implementation and administration of the technology and information risk management frameworks, policies, standards and best practices in support of the Operations and Technology Team.
- Responsible for measuring and tracking in-place controls to support legal and regulatory compliance in the protection of all of the Company’s information assets.
- Provide support in the identification and evaluation of risks, particularly when evaluating the risk and controls of high-risk systems and applications.
- Provide education and advisory services to applications/systems/data owners to champion control objectives and benefits.
- Assist in the development and maintenance of system security plans and contingency plans for all systems within scope.
- Facilitate the implementation of process changes to address emerging technology and information risk requirements or address weaknesses discovered through monitoring, testing, or audit procedures.
- Provide technical expertise and assistance with the design, deployment and maintenance of security solutions.
- Assist in the acquisition and vendor compliance assessment, procurement and evaluation of vendors and products.
- Participate in the risk assessment to periodically re-evaluate sensitivity of the system, risks, and mitigation strategies.
- Review risk and control assessment results and communicate with the application/systems data owners key concerns and questions.
- Participate in remediation efforts and recommendations as they relate to external and internal security audits.
- Review risk and control self-assessment results and communicate with the application/systems data owners key concerns and questions.
- Administer the Security Awareness program to address identified weaknesses in team knowledge and enable a strong security awareness culture.
- Facilitate effective communication between Information Security, IT Operations and other departments and/or business units.
- Support research and analysis on the impacts of system modifications, technological advances, and malicious code.
- Apply and maintain understanding of security standards and best practice frameworks.
General Overview of Compensation & Benefits:
- The median base compensation for this position is estimated to be $105,000.00 (annualized), subject to adjustment based on business-related factors including employee qualifications and operational considerations.
- This position will be eligible for company benefits in accordance with Company policy. We offer a competitive total rewards package including medical, dental and vision coverage along with a broad range of supplemental benefits including 401k Retirement Plan, prepaid legal assistance, and more. We also offer paid time off for vacation, sickness, holiday, and bereavement. We are pleased to be able to provide 100% company paid life insurance and long-term disability insurance.
- This information is intended to be a general overview and may be modified by the Company due to factors affecting the business.
Education and Experience Requirements:
- Bachelor’s degree in Computer Science, Information Systems Security or related field.
- Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or Certified in Risk and Information Systems Control (CRISC) desired.
- Minimum 2-4 years of experience in a similar role with a proven record of successful development and management of compliance management frameworks in mid- to large-scale enterprise environments.
- Experience developing frameworks and processes to drive a risk-based approach incorporating standard frameworks such as COBIT, ITIL, ISO and NIST into an enterprise compliance management process.
- Experience with policy and control development as it relates to meeting compliance requirements from relevant regulations.
- Capable of maintaining an effective program structure that emphasizes the coordination of resources across projects and managing deliverables between projects.
- Experience with the development of formal written reports to communicate audit results and recommendations to management and business stakeholders.
- Experience effectively communicating technical concepts to the business and non-technical individuals.
- Considerable writing proficiency, oral presentation skills, problem solving and decision-making skills.
- Excellent verbal and written communication skills, including executive-level presentations.
- Ability to deal effectively with a wide range of internal and external customers, vendors, service providers, and regulatory agencies.
- Ability to facilitate productive meetings and work successfully in a team-oriented environment.
- Ability to handle multiple competing priorities in a fast-paced environment.
- Ability to work well under minimal supervision.
- Some travel may be required for internal, conference, customer, partner and vendor meetings.
This is primarily a sedentary office position which requires the Information Security Risk Specialist to have the ability to operate computer equipment, speak, hear, bend, stoop, reach, lift, and move and carry up to 25 lbs. Finger dexterity is necessary.
- Pay Type: Salary
- Hiring Rate: $105,000.00
- Location: Charlotte, NC, USA