What we're looking for...
The position will assist with the development, implementation, and execution of a corporate risk management/assessment program, including performing risk assessments and contract evaluations for vendors and customers. The position requires a strong understanding of information security controls, including frameworks such as NIST and ISO 27001. Additionally, this position requires that the applicant have a strong understanding of risk frameworks, operational risks, and the execution of risk management processes and governance.
What you'll be doing...
- Manage the overall capabilities and operating framework of the Risk Management Program (structure, people, and project delivery processes), articulating the service delivery process, and managing the measurement metrics.
- Coordinate and perform a full cycle of the third-party security risk management activities, including risk identification, assessment, mitigation, monitoring, and reporting
- Coordinate and conduct vendor risk assessments, review documentation provided (including independent assessments, certifications, pen-test reports, etc.) and issue reports
- Coordinate and conduct customer security reviews
- Collaborate with internal and external auditors to ensure that appropriate controls are installed, operating properly, and being monitored and reported
- Support inquiries into the cybersecurity program and its operations. Respond to client questionnaires and support client engagements.
- Understand and keep abreast of emerging technologies and how they can impact the business.
- Significant experience in collaborating across organizational boundaries and building partnerships across various functions
- Comply with delivery SLAs and provide periodic status updates, including potential risks and delays to project delivery, to the project manager.
- Support various GRC efforts such as third-party due diligence, security awareness and data loss prevention
Qualities you possess...
- Bachelor's Degree or equivalent required
- Applicable certifications are desired
- 5 years' experience in IT audit/security assessment/certification
- Understanding of third-party risk management techniques, security IT control evaluation, and security control management lifecycle
- Professional designations preferred: CISSP, CRISC, CISA, CTPRP, CDPSE, Security+, CISM
- Proven experience in Information Security and Risk Management and/or compliance
- Prior experience assessing SOC 2 reports is preferred
- Able to resolve highly complex and technical business problems.
- Familiarity with GRC tools and third-party risk assessment tools
- Strong understanding of information security principles, architecture, and methodologies (including control design and risk assessment)
- Solid understanding of IT audit and security control evaluation methodologies
- Solid understanding and experience with security risk management, covering the full lifecycle of activities, including risk identification, assessment, mitigation, monitoring, and reporting
- Understanding of COBIT, ISO 27000, NIST CSF, SOC 2 and/or HITRUST frameworks
- Knowledge of single sign-on integration with on-premises and cloud toolsets
- Knowledgeable of Network Design and Project Management methodologies
- Highly organized and self-motivated, with strong attention to detail
- Excellent written and verbal communication skills
- Highly adaptable to changing priorities (high flexibility)
About ScienceLogic
ScienceLogic is a leader in IT Operations Management, providing modern IT operations with actionable insights to resolve and predict problems faster in a digital, ephemeral world. Its solution sees everything across cloud and distributed architectures, contextualizes data through relationship mapping, and acts on this insight through integration and automation.
www.sciencelogic.com