Manager, Information Security Risk Management
Location: Englewood, CO (5 days a week)
Max Salary: up to 120K/year
Client has an exciting opportunity for a Manager, Information Security Risk Management (Risk Manager) at our Headquarters location in Englewood, Colorado. The Risk Manager is a key leadership role in our Information Security and Governance, Risk, and Compliance (GRC) teams. This position is full-time, permanent, and salaried with standard work hours; it has supervisory duties and requires very little travel. We are looking for someone who can start immediately.
The Risk Manager will function as a central Information Security subject matter expert supporting enterprise teams, including managing the team of Information Security Business Partners and the Third Party Risk Management Analysts. They will work within the GRC team to mature the current risk management programs, such as risk assessment execution, control testing and monitoring, and procedure documentation. The Risk Manager will also provide cyber security advice to business partners to effectively manage risk to the business and will validate that security and technology controls are implemented to support business and security requirements.
Primary responsibilities of the Manager, Information Security Risk Management include the following:
- Partner with Business Units to identify, analyze and mitigate security risk, internal and third party, associated with activities executed throughout the enterprise.
- Act as team lead across information security risk management activities including internal and third party risks.
- Supervise teams responsible for assessing, managing, and monitoring internal and external security risk.
- Provide security consultation for new and ongoing enterprise initiatives.
- Consult on defining security policies and best practices.
- Educate and build awareness of security requirements across the organization.
- Improve compliance with security standards and policies across enterprise teams.
- Participate in testing and monitoring of security and privacy controls executed by enterprise teams.
- Lead security enhancement projects focused on new or changing technologies.
- Publish executive-level security reporting across governance, risk, and compliance activities.
The successful candidate will possess the following qualifications:
- Project Management
- Self-led Learner
- Customer First Mentality
- Strong Adaptability
- Process Documentation Management
- Process Mapping Development
- Presentation Skills
- Communication with Executives
- Team Leadership
- Can Interpret Regulations and Compliance Requirements
- Thought Leadership
- Cross-functional Team Leadership
- Strategic Thinking and Planning (Team)
- Brand & Team Ambassador
- Expert Risk Management Foundation
- Expert Information Security Foundation
- Expert Security Control Framework Foundation
- Advanced Data Privacy Foundation
- Can Teach/Educate Risk & InfoSec Principles
- Can Consult Business Leaders on Risk and InfoSec Principles
- Can Develop Metric Dashboards
- Experience Contributing Through Others
- Detailed Knowledge of Most GRC Functions
- Requires a well-organized, cheerful and persuasive individual, who can manage multiple priorities at once.
- Must have good meeting management and communication skills to keep conversations focused and productive.
- Must be self-driven; able to manage schedules, meet deadlines, coordinate with others, and perform tasks with minimal supervision.
- Must have the ability to work with a diverse audience, under tight deadlines, and negotiate successful outcomes to challenging problems.
- Analytical aptitude with an emphasis on investigative, methodical critical questioning and logical thinking; a data-driven decision maker.
- High-level interpersonal skills.
Education and Experience:
- Bachelor’s Degree (or equivalent experience) and at least 3-5 years of directly related experience. Must have a solid understanding of SOX, PCI, CPNI, CCPA, FACTA and similar IT Compliance and Privacy regulations.
- Strong understanding of risk mitigation methodologies and regulatory requirements pertaining to information security, privacy, and/or data security.
- Professional certification (CISA, CRISC, CISM, CIA or similar) is highly desired. Candidates who apply will be tested in several areas, including verbal/spelling, math/logic and business problem-solving, and must meet minimum standards to be considered for this position.