Manager - Information Security, Technology Risk Management

DURATION: FULL TIME

• 7 to 10+ years of experience in IT Security, Risk & Compliance, or IT Audit. Experience and knowledge of information security concepts / principles and audit / risk assessment methodologies.
• Bachelor's Degree in Computer Science, IT, Security, or related field; Master's degree in related field a plus.
• CISA, CISM, CISSP, CRISC, PCI-QSA, CGEIT (certifications)
• must possess excellent oral and written communication skills with the ability to interact and communicate with technical personnel, non-technical personnel, and senior management
• The individual must be pro-active, flexible, and able to work independently, adjusting quickly to changing priorities and conditions.

• CIA IIA certifications a plus

• Conduct assessments of Information security controls to measure the effectiveness of controls and identify control gaps
• Identify, assess, and prioritize identified risks
• Collect evidence, artifacts, and document findings to support conclusions
• Report on compliance with internal policies, controls, and standards
• Provide recommendations for remediation of identified deficiencies
• Track and report on findings/deficiencies to closure
• Coordinate third-party risk assessments and audits, to include HIPAA audits, PCI DSS audits, Service Organization Controls (SOC) audits, SSAE 16 / ISAE 3402 audits, customer audits, and other compliance / regulatory audits
• Manage remediation efforts and report on the status of control deficiencies
• Support information security investigations
• Support security initiatives and global policy adherence and awareness efforts
• Ensure that new client engagements adhere to the required information security controls and policies
• Support global information security metrics and reporting program(s)
• Provide security expertise to business units and key stakeholders
• Enforce policy adherence and manage formal policy exception requests
• Ensure compliance to standards and regulations such as ISO 27001, PCI DSS, and state and national information security laws
• Identify and document contractual/client information security requirements
• Respond to information security requests, from various internal stakeholders, in a timely manner
• Provide timely updates on assessments and assigned projects
• Build relationships and partner with business units and IT departments