Information Security Risk Manager at Technology Consulting, Inc.
Louisville, KY
About the Job
TCI has an immediate need for an Information Security (IS) Risk Manager in the Louisville, KY or Washington, D.C. area. This is not a C2C opportunity. This is a 3-6 month contract opportunity with possible extensions.
SUMMARY
The IS Risk Manager is tasked with protecting information assets. This role is a core function of the broader Information Security team and is responsible for continually improving the company's security posture by providing security-related guidance, developing security policies and standards and assessing compliance with them, executing the security risk management approach, and evangelizing security matters throughout the company. The Information Security Risk Manager will manage a program to identify, classify, remediate, and mitigate security risks and vulnerabilities throughout the company. Key duties include:
- Continually seek to improve the firm’s security risk assessment methodology
- Perform risk assessments of business processes, security controls, and technology architecture based upon industry standard requirements
- Mature the firm’s IT and Security Risk Program while enhancing underlying risk registers, security questionnaires and surveys to aid in the effective execution of risk assessments
- Communicate and mature security metrics
- Recommend security controls and/or corrective actions for mitigating technical and business risks
- Manage projects and enhance solutions that result from assessment findings and recommendations
- Research, identify, and consult with subject-matter experts to recommend risk mitigating solutions
- Support the security awareness program to improve overall security maturity across the firm
- Manage and maintain exceptions to the firm’s established policies, standards and industry norms
- Develop trend reporting to identify areas of focus and risk concentration
- Manage and enhance the firm’s security policies
REQUIREMENTS
- 5+ years of experience across IT, Information Security, Risk Management, and/or Program Management domains.
- 2+ years of experience working for a large-scale enterprise (1,000+ employees).
- 2+ years of experience in risk management and security governance.
- Solid working knowledge of established risk and security control frameworks such as ISO 27001 and/or NIST.
- Ability to communicate information about the vision and direction of our information security program to firm leadership.
- Must be able to communicate clearly and effectively with people from all levels.
- Strong verbal and written communication skills, including the ability to translate risk management concepts into business language.
- Information Security certifications preferred (CISSP, CISA, CRISC, etc.)