Cyber Security Risk Manager

Cleveland, OH
Full-time
Salary: $60,000.00 to $85,000.00/year


OVERALL RESPONSIBILITY

CYBERSECOP is seeking an Information Security Risk Manager who will be responsible for supporting the planning and execution of client and internal IT Security projects. The Information Security Risk Manager will serve as a project or team lead to ensure high-quality delivery. This position will perform work independently in addition to working with a team of other CYBERSECOP resources, vendor resources, and resources from our partner ecosystem. They will report to the Chief Information Security Officer.

  • The position will require occasional travel.
  • This is a full-time position offering full benefits, a competitive salary and performance-based bonuses.

KEY AREAS OF RESPONSIBILITY

This position will be involved in both presales and post-sales activities, including:

  • Experience with IT compliance and audit standards: ISO 27000 series, SOC and SSAE
  • Experience with data protection and data privacy: GDPR, DPIA, CCPA, privacy assessments
  • Managed information security policy and regulatory compliance implementation with OWASP, FISMA, HIPAA, PCI DSS, GLBA, SOX, COBIT, COSO, FFIEC, NIST, ISO 27001, ISO 27002, DFARS NIST SP 800-171 and GDPR
  • Governance and compliance experience with ISO 31000, COBIT, ISO 27001, ISO 13485, ISO 27017, ISO 27018, ISO 22301, PA DSS, PII and PHI
  • Strong understanding of information technology controls, and security experience in widely used financial application environments (SAP, Oracle, JD Edwards, PeopleSoft, etc.)
  • Experience with enterprise risk management frameworks: COSO ERM, ISO 31000, ISO 27005, NIST 800-30, FAIR, OCTAVE
  • Experience leading and managing IT risk, governance, security and audit frameworks (COBIT, COSO, ISO 27001/2/5, NIST 800-53, NIST SP 800-171, SSAE 18, SSAE 16, Basel II)
  • Experience developing a compliance schedule tailored for SSAE 16/SOC and ISO 2700x audits
  • Experience and strong knowledge of internal controls over financial reporting, including SOX 404, SOC 1 audit reports, COSO, US GAAP, ITGC, PCAOB and IIA standards
  • Managed and led regulatory and legal security standards such as PCI DSS, Sarbanes-Oxley and HIPAA
  • Experience with computer security procedures and protocols, and with Security Information and Event Management (SIEM) tools, Intrusion Detection and Prevention Systems (IDS/IPS), firewalls and log analysis, network behavior analysis tools, antivirus, network packet analyzers and malware analysis. Monitored security state and managed continuous monitoring
  • Implemented security controls, common security standards, practices and risk frameworks: FAIR, ISF, NIST, OCTAVE, STRIDE, ISO 27005 and ISACA
  • Risk assessment and gap analysis with respect to security, privacy and compliance with regulatory standards, with reporting of identified risk factors
  • Experience with the Cloud Security Alliance (CSA) and cloud technologies (AWS, Azure, GCP) in the implementation of SaaS-based security controls
  • Experience with IT processes (e.g. ITIL), including incident, problem, defect, change and release management


  • Effective communication of the value CYBERSECOP brings to its customers
  • Correspond with a variety of clients and communicate security issues, recommendations, and deliverables effectively
  • Periodically perform risk assessments of systems and business processes to verify compliance with the Corporate Security Standards, and prioritize the remediation of gaps based on risk to the organization. Coordinate the remediation of all gaps identified
  • Working with clients on compliance readiness (e.g. HIPAA, PCI, SOX, ISO)
  • Risk management and threat modeling experience
  • Mentoring of junior-level personnel

QUALIFICATIONS

  • MBA degree required; training in Computer Science, Computer Engineering, or Information Systems
  • Minimum of 5 years of information security experience, preferably with a previous integrator or VAR
  • Knowledge of 21 CFR Part 11, Annex 11 Regulations and Good Manufacturing Practice (GMP)
  • Certified ISO 31000 Lead Risk Manager
  • Certified ISO 27001 Lead Auditor
  • ISACA COBIT 5 Foundation
  • SANS GIAC Certified in Fundamentals of Information Security Policy (GFSP)
  • ITIL Foundation
  • CISSP
  • Track record of successful business development and the ability to plan strategically
  • Ability to establish and cultivate relationships with key stakeholders and gain a solid understanding of business requirements
  • Proven success with managing technology vendor relationships
  • Superior analytical, interpersonal, writing, and verbal communications skills
  • Demonstrated strength in communicating complex concepts effectively and persuasively to individuals
  • Ability to handle multiple simultaneous projects

Job Type: Full-time
