This closed position was filled. Check out our Jobs Search Page for our current open positions similar to this one.


Job #: 7006
Title: Information Security Risk Manager
Job Location: Kansas City, Missouri - United States
Employment Type:
Salary: $90,000.00 - $165,000.00 - US Dollars - Yearly
Employer Will Recruit From: Nationwide
Relocation Paid?: Negotiable


Information Security Risk Manager


Consults with information systems owners to categorize systems; select, implement and assess controls; and frame, assess and monitor risk.


Essential Job Responsibilities (include but are not limited to the following):


  • Utilizes automated Governance, Risk and Compliance tools to track artifacts of the risk management lifecycle.
  • Maintains risk management documentation to monitor lifecycle progress, track acceptance decisions and catalog remediation actions.
  • Responsible for information security preparedness, policies, practices, and identifying and mitigating information security risks to applications, systems, infrastructure, and data.
  • Enforces information security policies and procedures by administering and monitoring security reports; reviews SAFR documentation; and investigates possible security exceptions.
  • Assists in department self-audit, internal audit, external audit reviews, and risk assessments for the department and for end user departments.
  • Participates in IT security assessments of suppliers (3rd party vendors and cloud services) and develops recommendations to improve security and mitigate security risks.
  • Delivers information risk management services including risk assessments for new and existing Information Technology (IT) automation products and projects.
  • Defines and maintains information security non-compliance (exception) review and approval processes; provides recommendations on information security non-compliance situations.
  • Assists in the execution of SOX (COSO) compliance activities by testing, collecting, and reporting results to management.




  • Bachelor’s Degree in Computer Science, Information Systems, or other related field, or equivalent combination of work experience and education. 
  • 5 or more years of IT and business/industry work experience encompassing project management, information security, risk management and compliance.
  • Industry recognized certifications within the domain of information security, information technology and project management (e.g., CISSP, GIAC, CISM, CISA, PMP, etc.) considered a plus and recognized as an indication of work experience.
  • Working knowledge of applying risk management frameworks such as NIST and FISMA
  • Knowledge of regulatory compliance initiatives related to Sarbanes Oxley/SOX (COSO control framework)
  • Working knowledge of GRC automated tools (e.g. RSAM)
  • Demonstrates knowledge of the Fifth District and National Product Office’s businesses and applies this knowledge to initiatives in assigned areas of responsibility (e.g. COSO/FISMA/SAFR/NIST)
  • Intermediate knowledge of risk management policies, initiatives, and procedures
  • Knowledge of information security fundamentals, and information security policies and procedures
  • Experience working with internal and external auditors
  • Excellent oral and written communication skills, as well as the ability to convey technical and security-related issues to a business audience
  • Proficient in the design and implementation of effective IS controls
  • Evidence of ability to create new processes to improve security and compliance with minimal oversight

University - Bachelor's Degree/3-4 Year Degree