Manager - Information Security, Technology Risk Management
Location: US-IL-Deerfield

JOB TITLE: Manager - Information Security, Technology Risk Management
LOCATION: Remote Base
DURATION: FULL TIME

Must-Haves
- 7 to 10+ years of experience in IT Security, Risk & Compliance, or IT Audit. Experience and knowledge of information security concepts / principles and audit / risk assessment methodologies.
- Bachelor's Degree in Computer Science, IT, Security, or related field; Master's degree in related field a plus.
- CISA, CISM, CISSP, CRISC, PCI-QSA, CGEIT (certifications)
- Must possess excellent oral and written communication skills, with the ability to interact and communicate with technical personnel, non-technical personnel, and senior management
- The individual must be pro-active, flexible, and able to work independently, adjusting quickly to changing priorities and conditions.

Nice-To-Haves
- CIA IIA certifications a plus

RESPONSIBILITIES
- Conduct assessments of information security controls to measure the effectiveness of controls and identify control gaps
- Identify, assess, and prioritize identified risks
- Collect evidence, artifacts, and document findings to support conclusions
- Report on compliance with internal policies, controls, and standards
- Provide recommendations for remediation of identified deficiencies
- Track and report on findings/deficiencies to closure
- Coordinate third-party risk assessments and audits, to include HIPAA audits, PCI DSS audits, Service Organization Controls (SOC) audits, SSAE 16 / ISAE 3402 audits, customer audits, and other compliance / regulatory audits
- Manage remediation efforts and report on the status of control deficiencies
- Support information security investigations
- Support security initiatives and global policy adherence and awareness efforts
- Ensure that new client engagements adhere to the required information security controls and policies
- Support global information security metrics and reporting program(s)
- Provide security expertise to business units and key stakeholders
- Enforce policy adherence and manage formal policy exception requests
- Ensure compliance with standards and regulations such as ISO 27001, PCI DSS, and state and national information security laws
- Identify and document contractual/client information security requirements
- Respond to information security requests from various internal stakeholders in a timely manner
- Provide timely updates on assessments and assigned projects
- Build relationships and partner with business units and IT departments
Hiresigma