Coordinate and support the information security risk identification and management process across the organization. Responsible for the implementation, coordination, maintenance and improvement of the information security risk management program. Responsibilities include collaborating with appropriate stakeholders to coordinate and conduct risk assessments, appropriately documenting and managing identified risks to an acceptable level, monitoring progress and providing regular updates to leadership. Make recommendations for mitigations, corrective action plans, projects and strategic initiatives, to manage risk to an acceptable level. Coordinate and drive strategic information security governance and compliance activities.
Work Experience: Minimum of 3 years of experience in information technology and/or information security, risk management or compliance. Experience in risk and compliance management and process development in the areas of information technology and security required. Recent hands-on work experience with at least one of the following frameworks: HITRUST CSF, ISO 27001, ISO 27005, ISO 31009, and NIST SP800-30 preferred. Direct governance, risk, and compliance experience strongly preferred. Leading, coordinating or managing projects in a complex enterprise environment is preferred.
Education, Certificates, Licenses: Bachelor's degree in Risk Management, Finance, Business or related field is strongly preferred. Has training in and/or is pursuing certifications in the area of information security, project management and technology auditing, including CISSP, CRISC, CTPRP, CISM, CGEIT, CISA, GIAC GSEC, and/or PMP.
Knowledge: Solid understanding of common risk assessment and management methodologies.
Strong knowledge of information security, including a basic understanding of Third Party Risk Management, information security controls, industry standards and best practices such as the NIST 800 series, NIST CSF, HITRUST, OCTAVE, and ISO 27000 series, is necessary. Customer service oriented, with a commitment to establishing and maintaining positive and healthy working relationships.
Environment: Work inside in a general office setting with ergonomically configured equipment. Position may require travel, which is not expected to exceed 5% of the time.
Physical Requirements: Stoop and bend. Sit and/or stand for extended periods of time while performing core job functions. Repetitive motions to include typing, sorting and filing. Light lifting and carrying of files and business materials. Ability to read and comprehend both written and spoken English. Communicate clearly and effectively.
Disclaimer: This job description indicates the general nature and level of work performed by employees within this position and is subject to change. It is not designed to contain or be interpreted as a comprehensive list of all duties, responsibilities, and qualifications required of employees assigned to this position. Employment remains AT-WILL at all times.
PacificSource is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to status as a protected veteran or a qualified individual with a disability, or other protected status, such as race, religion, color, national origin, sex, sexual orientation, gender identity or age.