Information Security Risk Manager

• 10 plus years' experience with IT risk at a management level (not managing people)
• Contract and contractor to perm talent
• Shortlisting top 15 resumes for HM to review
• Interview process: 2 rounds
• Looking for someone who is hands on doing the application risk assessment
• IT Risk & Control Assessment (identify, assessment, response, monitor the IT risk, etc.)

Job Description:

• Extensive experience and expertise in IT Governance, Risk, and Compliance Management, with at least 10+ years of progressive leadership in the areas of IT risk strategies/ cybersecurity/ business resiliency, principles, processes and deliverables.
• A bachelor’s degree in Computer Science, Cybersecurity, or a related field, or equivalent experience.
• Experience in developing and communicating new workflows and processes.
• Experience in performing IT risk profiling, IT risk assessment, treatment, monitoring, and reporting with an understanding of the legal implications of risk and compliance.
• Experience in managing GRC services and products to drive efficiency IT Risk Management program.
• Excellent understanding of modern IT Risk & Compliance concepts and methodologies.
• Excellent understanding of IT & Cyber principles, Cyber technology, project management, program strategy, and software development lifecycle.
• Strong knowledge of IT policies, laws, standards, and frameworks (e.g., ISO31000, ISO27000, PCI DSS, COSO, NIST).
• Knowledge of IT industry trends and emerging technologies.
• Ability to build strong relationships with senior leaders and influence strategic direction.

Required: Certification - At minimum, one of the following certifications:

• Certified Information Systems Security Professional (CISSP) (preferred over the others)
• Certified in Risk and Information Systems Control (CRISC)
• Or other certifications

Preferences: Familiarity will GRC technology platforms (e.g., ServiceNow, Archer, etc.)

• ServiceNow Integrated Risk Management (IRM) tool (preferred)