Information Security Risk Management Specialist

What you'll do

• Perform risk and security assessments of applications, databases, and servers and supporting network technologies, such as routers, switches, access points, to identify, evaluate, and prioritize risks.
• Responsible for security controls, processes and architecture consultation, design and monitoring.
• Responsible for overall access control risk management including but not limited to auditing current access controls to identify potential risks, making recommendations for improvement in security and tracking remediation.
• Responsible for conducting risk assessments against various regulatory compliance such as HIPAA, PCI, etc. and industry recognized security frameworks.
• Develop and execute corrective action and remediation plans for identified issues, risks or vulnerabilities.
• Analyze and assess security incidents and escalate incidents by following incident plan.
• Develop and maintain standard practices and procedures for appropriate response to identified threats.
• Monitor activities and events to detect, classify and act upon anomalous behavior appropriately in a timely manner.
• Assess potential risks and vulnerabilities to develop baselines and assist with response to deviations.
• Work with IT teams to solve information security system problems and issues in a timely and accurate manner.
• Assess emerging technologies against security architecture to determine where they fill gaps, overlap with existing solutions or extend capabilities.
• Participate in annual security audits, incident response exercises, security reporting, audit and compliance support.
• Work with the information security team to provide security incident escalation support and remediate security issues.
• Perform reviews and assessments of security controls before hardware / software is migrated to production.
• Work with business units to ensure vendors are reviewed through the vendor risk management process and are in compliance with applicable regulations and standards.
• Develop and maintain risk registers and other risk management documentation.
• Monitor and report on the effectiveness of risk mitigation strategies and plans.
• Support the development and testing of disaster recovery and business continuity plans.
• Oversee security awareness program, including phishing campaigns, periodic training and tracking compliance.

Qualifications

• Minimum of 5 years of experience in IT security risk management, a security operations center and / or system administration role.
• 3 years of experience assessing security controls and processes, vulnerabilities, regulatory and legal changes, and security standards that may impact the security of systems or data.
• Hands on experience managing security and governance, risk and compliance tools.
• Ability to write security requirements and design documents.
• Experience in access control and identity management for on premise and cloud environments.
• Bachelor’s degree in Computer Science, Information Systems, Network Security Engineering or related major or equivalent work experience.
• CISSP, CRISC, CISA or equivalent certifications would be considered an asset.
30+ days ago