Information Security Risk Manager
Kansas City, Missouri - United States
$90,000.00 - $165,000.00 USD per year
WHY IS THIS A GREAT OPPORTUNITY?
Consults with information systems owners to categorize systems; select, implement and assess controls; and frame, assess and monitor risk.
Essential Job Responsibilities (include but are not limited to the following):
- Utilizes automated Governance, Risk and Compliance tools to track artifacts of the risk management lifecycle.
- Maintains risk management documentation to monitor lifecycle progress, track acceptance decisions and catalog remediation actions.
- Responsible for information security preparedness, policies, practices, and identifying and mitigating information security risks to applications, systems, infrastructure, and data.
- Enforces information security policies and procedures by administering and monitoring security reports; reviews SAFR documentation; and investigates possible security exceptions.
- Assists in department self-audit, internal audit, external audit reviews, and risk assessments for the department and for end user departments.
- Participates in IT security assessments of suppliers (third-party vendors and cloud services) and develops recommendations to improve security and mitigate security risks.
- Delivers information risk management services, including risk assessments for new and existing Information Technology (IT) automation products and projects.
- Defines and maintains information security non-compliance (exception) review and approval processes; provides recommendations on information security non-compliance situations.
- Assists in the execution of SOX (COSO) compliance activities by testing, collecting, and reporting results to management.
Qualifications (include but are not limited to the following):
- Bachelor’s Degree in Computer Science, Information Systems, or other related field, or an equivalent combination of work experience and education.
- 5 or more years of IT and business/industry work experience encompassing project management, information security, risk management and compliance.
- Industry-recognized certifications within the domains of information security, information technology and project management (e.g., CISSP, GIAC, CISM, CISA, PMP) are considered a plus and are recognized as an indication of work experience.
- Working knowledge of applying risk management frameworks such as the NIST Risk Management Framework and FISMA requirements.
- Knowledge of regulatory compliance initiatives related to Sarbanes-Oxley (SOX) and the COSO control framework.
- Working knowledge of automated GRC tools (e.g., RSAM).
- Demonstrates knowledge of the Fifth District and National Product Office’s businesses and applies this knowledge to initiatives in assigned areas of responsibility (e.g. COSO/FISMA/SAFR/NIST)
- Intermediate knowledge of risk management policies, initiatives, and procedures
- Knowledge of information security fundamentals, and information security policies and procedures
- Experience working with internal and external auditors
- Excellent oral and written communication skills, as well as the ability to convey technical and security related issues to business audience
- Proficient in the design and implementation of effective IS controls
- Evidence of ability to create new processes to improve security and compliance with minimal oversight