Salary: USD TBD
- Oversees the risk assessment and information security awareness processes.
- Conducts internal IT risk assessments.
- On at least an annual basis, conducts or causes to be conducted an IT risk assessment.
- Work with the Cyber Security Manager to develop a schedule of internal risk reviews.
- Coordinate reviews with Internal Audit as required to minimize impact of assessments to business units.
- Interfaces with end users as well as all levels of management, technical and business sources to complete assessments.
- Responsible for a deep understanding of business processes and technology used within the assigned areas to ensure that the business is in compliance with regulatory requirements and the Information Policy and applicable procedures, processes and standards.
- Acts as primary IT Risk and Compliance representative on IT and business projects to ensure that information security risks are managed appropriately.
- Maintain relationships inside and outside of IT to enable the discovery of risks outside formal risk assessments.
- Evaluate and recommend controls to mitigate information technology, security and privacy risk. Map internal controls to appropriate established industry or other standards (ISO, NIST, etc.).
- Identify and evaluate technology risks internally and/or at third parties, internal controls which mitigate risks, and related opportunities for internal control improvements.
- Understand complex business and information technology management processes.
- Assess application layer security controls to ascertain whether they comply with policies.
- Cloud/SaaS: Develop an understanding of the third parties' IT control environment and perform basic risk management approaches to evaluate their IT controls.
- Actively participate in decision making with third parties and internal Management for mitigating identified vulnerabilities.
- Performs assessments necessary to ensure the safety of information system assets and to protect systems from intentional or inadvertent access or destruction.
- Participate in 24/7 Security Incident Response team activity.
Full time security