Manager, Information Security Risk

$175,000 - $200,000 yearly
  • The Resume Review - Recruiting Department
  • Chicago, IL, USA
  • Sep 08, 2021
Full time Information Technology

Job Description

The Information Security and Technology Risk team is seeking an experienced Information Security Risk Manager. This company is committed to reducing cyber risk through the implementation of a robust risk management framework oriented around the lines of defense model. The Information Security Risk Manager will help to manage the overall efforts of the Information Security Risk second line practice area, including cybersecurity testing, risk assessments, consulting and identity / access management validation. Duties include providing leadership and consultative guidance, and participating in information security decisions with peers and senior management.
As lead for the program you will: 
•    Have strong technical proficiency in the field of information security
•    Contribute to the development and implementation of information security risk framework, policy and reporting
•    Provide technical and risk management guidance during the execution of activities
•    Oversee validation efforts, including technical security testing
•    Be comfortable in developing and delivering communications to a variety of audiences, including senior stakeholders
•    Liaise with Audit and be point of contact for regulatory engagement
•    Have experience managing programmes and / or service delivery
Qualifications: Knowledge / Skills
•    Excellent written and verbal communication skills
•    Ability to work collaboratively and challenge constructively
•    Extensive knowledge of systems security architecture, excellent consultative skills, strong analytical ability and ability to work effectively with clients and IT management and staff. Analytical skills are needed to analyse and evaluate technical information
•    Knowledge of basic system, network, and operating system hardening techniques 
•    Knowledge of Information Assurance (IA) principles and tenets (confidentiality, integrity, availability, authentication, non-repudiation) 
•    Knowledge of network security architectures, Defence-In-Depth principles, and technology administration security concepts
•    Knowledge of what constitutes a security or technology “threat” to a large enterprise

•    Bachelor's degree in Computer Science or other related discipline and at least 10 years of information security, technology, and technology risk-focused experience
•    Relevant industry certifications such as CISSP, CISM, CRISC, OSCP, or GPEN
•    Experience with core concepts and implementations of identity and access management solutions
•    Experience in working with senior level stakeholders in a consultative and/or advisory capacity
•    Experience in presenting to executive management
•    Experience with enterprise risk assessment methodologies
•    Experience in project delivery/programme management
•    Experience in a financial services environment