• Full Time
  • W-2
  • Sacramento, CA
  • Applications have closed

Responsibilities:

  • Perform current-state risk assessments, continual risk assessments, gap analysis, risk metrics and reporting, risk convergence, IT risk and control framework design, and integrated operational risk management
  • Identify and prioritize risk based on impact and likelihood, inherent vs. residual
  • Maintain and monitor Information Security Risk Exception process to ensure identification of areas of high risk
  • Monitor and advise on information security issues related to the systems and workflow to ensure the internal security controls for the campus are appropriate and operating as intended
  • Provides coordination and support for execution of IT security projects
  • Monitors regulatory compliance with enterprise security policies and educates department leaders on compliance efforts
  • Create and manage an information security awareness program, customizing communication tools and campaigns for each department and its roles
  • Coordinates business continuity planning efforts across departments
  • Understands the different levels of risk tolerance and risk exposure across the organization and balances these against risk investments
  • Sets standards and policies for information sharing on internal and external platforms
  • Collaborate with IT management, the legal department, safety and security, and others to manage security vulnerabilities
  • Consults with program/project teams to fit solutions to architecture across all viewpoints
  • Understands, advocates, and supports the enterprise’s business and IT strategies
  • Ensures that the optimal governance structure and compliance activities (such as exception requests) are associated with identified risks
  • Analyzes industry, technology, and market trends to determine their potential impacts on the enterprise
  • Analyzes the current business and IT environment to detect critical deficiencies and recommends solutions for improvement
  • Proactively shares knowledge of technology risks and opportunities to improve efficiency and effectiveness of the Cyber Security and Enterprise Architecture
  • Partners with business leadership and other key stakeholders to define opportunities and prioritize IT Business Requests and projects based on predefined criteria (e.g. return on investment, productivity, compliance, legal, operational risk reduction, and contractual requirements)

Qualifications:

  • One or more industry certifications such as CISSP, CISM, CRISC, GSEC and CISA required
  • Must understand the current security threat model and demonstrate a strong willingness to stay at the forefront of security developments
  • Knowledge of risk assessment methodologies, IT policies and standards development
  • Working knowledge of common regulations and/or standards affecting IT security, such as ISO/IEC 27001/2, NIST, PCI, and HIPAA
  • Experience with audit processes and disciplines, including third-party risk management
  • Working knowledge of industry leading GRC practices
  • 5+ years of experience in an IT Security/IT Risk environment with a large regulated organization
  • Experience with the development and administration of risk assessments, reviews, and corrective action planning
  • Must possess strong oral and written communication skills to assist in maintaining documentation, updating manuals, and producing reports
  • Ability to multi-task and adjust to shifting priorities, with keen analytical skills, critical thinking, and a high level of attention
  • Must be highly motivated, dependable, and punctual