Information Security Risk Resume Samples


The Guide To Resume Tailoring

Guide the recruiter to the conclusion that you are the best candidate for the information security risk job. It’s actually very simple. Tailor your resume by picking relevant responsibilities from the examples below and then add your accomplishments. This way, you can position yourself in the best way to get hired.

Craft your perfect resume by picking job responsibilities written by professional recruiters

Pick from the thousands of curated job responsibilities used by the leading companies

Tailor your resume & cover letter with wording that best fits for each job you apply

Resume Builder

Create a Resume in Minutes with Professional Resume Templates

CHOOSE THE BEST TEMPLATE - Choose from 15 Leading Templates. No need to think about design details.
USE PRE-WRITTEN BULLET POINTS - Select from thousands of pre-written bullet points.
SAVE YOUR DOCUMENTS IN PDF FILES - Instantly download in PDF format or share a custom link.

Kathryne Goldner
2259 Antwan Hill, Detroit, MI
Phone: +1 (555) 180 1763
Experience
Information Security Risk
Schmitt-Kris, Phoenix, AZ
  • Identify opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing the residual risk
  • Manage Process Health Dashboard to aid in identification of GIS control gaps/weaknesses
  • Identify, measure, monitor and control risk through sound risk management
  • Maintain strong working relationships with individuals and groups involved in managing information risks across the organization
  • Maintenance of Process Risk Control (PRC) inventory and management of the GIS Risk Control Self Assessment
  • Perform focused risks assessments of existing or new services and technologies
  • Contribute to Cyber assessment metrics and GRC reporting to senior management to influence risk based results
Information Security Risk Management Consultant
Champlin-Yundt, New York, NY
  • Assists in Establishing Enterprise-Wide Information Security policies, procedures & standards
  • Develops strong partnerships with business clients, application developers, software vendors and other technical resources
  • Leads compliance related projects, as assigned, performing all aspects of project management
  • Develops, delivers and maintains an ongoing Information Security & Privacy Awareness program
  • Supports cross-organizational IT/Business functions in technical choices for a variety of large, strategic efforts by applying knowledge of Unum’s security framework and technical environment
  • Shares security knowledge and expertise in multiple cross-organizational enterprise forums. Communication audience, negotiation partners, and sphere of influence extend across the enterprise, including vendors and senior level managers
  • Coordinate and oversee the management and implementation of DLP technologies and processes, playing a key role in maintaining, testing and reviewing DLP rules
Information Security Risk Specialist
Paucek, McKenzie and Boyle, San Francisco, CA (present)
  • Supports the Divisional Information Security Officers, and Operational Risk Managers with the implementation of the operational risk framework and ensures alignment with Data Protection risk taxonomy
  • Assesses known information security weaknesses and the adequacy of associated remediation activities
  • Builds close links with the US Region in relation to Information Security risks and issues
  • Oversees the development of the information security framework and governance, ensuring completeness of functional and geographical coverage
  • Establishes and maintains strong links within the industry to ensure that Information Security related industry news and regulatory developments are embedded within the Framework and provides a view on future developments
  • Supports the analysis of root causes on information security risk events and, where deemed relevant, provides benchmarking analyses on events that occurred in the industry
  • Acts as an advisor and Subject Matter Expert for information security related risk assessments, incident analysis and strategic initiatives as well as in the development and introduction of relevant business initiatives
Education
Bachelor’s Degree in Computer Science
University of Delaware
Skills
  • Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
  • Strong organization skills with the ability to prioritize requests and workload accordingly
  • Strong leadership skills and qualities which enable you to work with peers and various levels of management
  • An ability to apply original and innovative thinking to produce new ideas and create innovative products, solutions, or approaches
  • Strong documentation and process oriented background with leading and managing complex Technology projects
  • An understanding of organizational mission, values, and goals and consistent application of this knowledge
  • Ability to react to high pressure dynamic changing environments
  • Detailed, bank specific risk management and governance experience
  • Strong analytical skills/problem solving/conceptual thinking
  • Ability to work with Technical and Non Technical business owners

13 Information Security Risk resume templates

1

Information Security Risk Engr Resume Examples & Samples

  • 8+ years of experience in technology and 5+ years in information security
  • 5+ years of risk management experience with proven ability to effectively apply risk principles to challenging business situations
  • Must display strong subject matter experience in application security, vulnerability testing and development of a risk appetite
  • Exceptional presentation and communication skills
  • Financial Institution knowledge is strongly desired
2

Senior Consultant Information Security Risk Resume Examples & Samples

  • Influence stakeholder compliance of regulatory standards while managing to deadlines
  • US based position with interaction to all lines of business and functions globally
  • Minimal travel required (<15%), Domestic & International
  • Support 250,000+ across HSBC Group
  • A Bachelor’s degree or equivalent experience in business, computer science or related field with ten to twelve years progressive experience in information security including a minimum five years experience working with diverse security products
  • Ability to work in a diverse global environment
  • Professional certifications in Information Security desirable (CISSP / CISM). Project Management certification a plus
  • Experience with Sharepoint forms and workflows a plus
  • Experience with information security incident response, insider threat detection, DLP technology (Symantec DLP, Vontu) a plus
3

Information Security Risk Control Lead Resume Examples & Samples

  • Management of the IT Risk Control Program for GCIS, including the development and monitoring of key risk indicators
  • Identifying risk by reviewing current policies and processes, identifying areas of potential risk to the organization, and partnering on the development of solutions to mitigate business exposure by leveraging strong analytical and process management skills
  • Assist with process standardization efforts by performing policy gap analysis and recommending appropriate standardization opportunities
  • Produce periodic IT Risk Control reporting on the status of Risk Control activities and monthly operating reviews for IT areas supported. Advise manager of any significant risks or control gaps when identified
  • Lead global risk based assessments with cross functional project teams and provide recommendations on control enhancement opportunities based on prudent risk management disciplines. Summarize key risk assessment results into effective presentation materials and deliver key messages to appropriate levels of management
  • Oversight of the corrective action program for GCIS
  • Oversight of the MCA and Quality Assurance/Process Validation program within GCIS
  • Management of all activities related to external/internal audits and reviews affecting GCIS
  • Strong knowledge of IT general controls, Information Security methodology, industry standards and control frameworks (e.g. COBIT, ITIL, ISO)
  • 5+ years working within a technology audit, risk, and/or compliance role (including IS)
  • Strong ability to lead and motivate others within and outside areas of responsibilities
  • Experience in conducting IT risk assessments and leading small teams
  • Strong analytical skills, including strategic and critical thinking skills
  • Demonstrated relationship building, influencing, and negotiation skills
  • Strong judgment and decision-making skills
  • Ability to prepare and present findings and recommendations to leadership teams
  • Ability to operate in a virtual environment with global teams from various locations and businesses
  • Bachelor's degree in a related field or equivalent work experience
  • Strong skills with MS Word, PowerPoint, Excel and SharePoint
4

Information Security Risk Specialist Resume Examples & Samples

  • Supports the Divisional Information Security Officers, and Operational Risk Managers with the implementation of the operational risk framework and ensures alignment with Data Protection risk taxonomy
  • Ensures consistency of IS internal controls and operational risk assessments with ORC standards and agrees on control monitoring requirements (positive affirmation of effective performance)
  • Identifies the key information security risk scenarios and supports the identification of the critical controls required within the functions
  • Assesses known information security weaknesses and the adequacy of associated remediation activities
  • Builds close links with the US Region in relation to Information Security risks and issues
  • Oversees the development of the information security framework and governance, ensuring completeness of functional and geographical coverage
  • Establishes and maintains strong links within the industry to ensure that Information Security related industry news and regulatory developments are embedded within the Framework and provides a view on future developments
  • Supports the definition of Information Security training requirements and mechanisms to promote and instill a culture of Information Security risk management and awareness within the US Region
  • 4+ years substantial experience within Information Technology, ideally in the Financial Industry, with a particular focus on Information Security relevant aspects
  • Solid understanding of Information Technology, Information Security Frameworks (e.g. ISO 27000 series), Risk Management and IT Security
  • Substantial experience in the analysis of Information Security Risk issues and their business impact
  • Ability to setup business operational models for Information security at Regional level, including organization, operational processes and key performance indicators
  • Team player with the ability to work independently and with other functions to organize, manage and complete projects within tight deadlines
  • Interacts well with all levels of employees within a global organization
5

Head of Information Security Risk - RBWM Resume Examples & Samples

  • Ensuring and facilitating the right level of buy-in from the Regional Heads of ISR and the Global Domain Heads and RBWM BRCM and BIRO to ensure effective support for RBWM programmes, projects and BAU activity
  • Ensuring that the developed service model can meet the expected demand, as the environment will be and is changing at a rapid pace and will continue to do so
  • Ensuring that we have the ability to measure the effectiveness of our own service delivery
  • Managing scarce resources and the competing demands of stakeholders both within ISR and RBWM
  • Providing effective coverage for all business critical requirements
  • New role created and developed as demand for ISR coverage from RBWM was starting to surface as a result of the global business organisational shift towards a more globally focused engagement. This role now needs to be transferred to a full time position in order to ensure a level of global consistency and focus on the information security risk requirements across RBWM including Insurance and Asset Management
  • The role holder will work with RBWM and with the Regional Heads of ISR, Global Domain ISR Heads and the respective Global Heads of ISR for GBM, GB, PB, CMB, and Global Functions
  • Working directly and establishing relationships with relevant RBWM CROs, COOs, ORIC, BRCMs, BIROs and other business leaders
  • 12-15 years of Information Security and Risk Management experience, with at least 5 of those at a senior management level; relevant Information Security and/or Risk Certifications (CISSP, CISM, CISA, etc.)
  • Risk Management- Have an expert level and extensive amount of Information Security Risk and Information Risk Management knowledge to face off appropriately to the different risk managers in the Group and also external parties. Understanding of the Fraud and Risk characteristics of key products and channels
  • Strategy / Vision - Be able to define and implement a vision and strategy for risk capability across RBWM and communicate to key stakeholders and get their buy-in
  • Influence - Have significant gravitas that will be obvious to all parts of HSBC, which will enable face off to senior SFR managers and HTS stakeholders in order to win their confidence and help influence their decisions. Must be able to engage with senior business leaders, CROs, COOs, BRCMs, BIROs and board level management
  • HSBC Knowledge – A detailed understanding of HSBC and how it works including people, process and technology
  • Business Knowledge - Knowledge of all major areas of a Global Banking and Financial Services organization including Retail Banking, Investment Banking, Commercial Banking and Private Banking
  • Technology Knowledge – Expert level of understanding of diverse technology including infrastructure, network and applications. Experience in large enterprise systems development lifecycle. Expert level of understanding of fundamental information security controls, principles and technology
  • Change Delivery - A very strong change delivery track record in large global organizations. Demonstrated record of delivering global programmes
  • Span of Control - A proven track record of managing large global complex areas in terms of operations, processes, headcount and budget
  • Location – Willing to travel internationally to manage global responsibilities
  • Style - A change agent who is not afraid to change the status quo in order to drive Group strategy with the discipline to recognize when existing people, process and technology can fulfill business needs
6

Program Manager for the Information Security Risk Management Program Resume Examples & Samples

  • Manage day to day activities in executing the Information Security Risk Assessment program for the Global Information Security organization which includes
  • Manage weekly working group meeting with global stakeholders
  • Document policies and standards application to the IS Risk Assessment (ISRA, Application/Infrastructure ISRP) processes
  • Drive business requirements discussions, develop product solution plans, document requirements based on stakeholders interaction
  • Management and governance of supporting toolset
  • Coordinate and manage projects or tasks to achieve effectiveness in the function
  • Position requires excellent organizational skills and attention to detail
  • Excellent project management and communication skills
  • Prior experience in information security assessment processes
  • Proficiency in Microsoft Word, SharePoint, Excel, PowerPoint
  • Clear understanding of business segment and legal vehicle entity structure at Citi
  • Ability to work independently and collaboratively across multiple disciplines, at varying levels of seniority
  • Minimum: Bachelor's degree
  • Minimum 4-7 years of experience in Operational Risk, Technology Risk and/or Operations Risk related projects
  • Minimum 3+ years experience with SDLC process and developing Business and Technical Requirements
  • Track record of interfacing with and presenting results to Senior Management
  • Knowledge and use of Microsoft Office products and communication skills in English are required
  • Strong planning, organizing skills and presentation skills
  • Experience with Internal Audit interaction
  • Be flexible and able to effectively manage several projects simultaneously
  • Able to work with global teams to track performance, communicate expectations, anticipate/recognize problems and escalate appropriately
  • Ability to interact and communicate both written and verbally with multiple layers of management, between the business and the technology groups to effectively facilitate issues and requirements
7

Information Security Risk Management Analyst Resume Examples & Samples

  • Work closely with individual Business Units, the Third Party Program Office and Contract Administration to provide Enterprise Information Security Risk Assessment support for vendor and third party assessments
  • Bachelor's degree in Business, Computer Science, Management Information Systems or related field
  • Five to seven years of experience in Risk Management, Information Security, IT Audit, and/or Compliance, preferably in the financial services industry
  • Knowledge of credit risk management and/or financial reporting, regulatory and management reporting as it pertains to the credit portfolio
  • Experience in Excel, Crystal, Visual Basic and SQL preferred
  • Quantitative and statistical background
  • Experience in developing and maintaining large databases
  • Able to manage multiple projects
  • Analytical and research skills
  • Planning and organizational skills
  • Personal computer skills
  • Management and Presentation skills
  • Quantitative and statistical skills
8

Information Security Risk Management Analyst Resume Examples & Samples

  • Work closely with Third Party Program Office and Contract Administration to provide Enterprise Information Security Risk Assessment support for security vendor assessments
  • Perform security assessments of vendors and third parties according to risk
  • Coordinate with Security Engineering/Architecture to determine mitigating controls or other recommendations on an as-needed basis
  • Identify/track the corrective action through third party and vendor findings as required
  • Lead on-site security assessments at selected third party and vendors
  • Prepare comprehensive reports on results
  • Research industry trends and best practices as noted through organizations such as BITS, ISO, and COBIT
  • Improve security processes through the identification and assessment of emerging third party management risks, corporate and regulatory standards, and comparison of the Enterprise Information Security’s vendor risk assessment program capabilities to industry standards
  • Participate in audit response management and provide ongoing guidance to achieve and maintain security compliance
  • Provide expertise and coordinate with other subject matter experts to mitigate information security risks and to correct compliance exposures and gaps
  • Mentor junior staff on communication, industry trends, and best practices
  • ISO/27000 Series
  • BITS SIG/SAS-70/SSAE-16
  • COBIT/SOX IT Control Testing
  • Knowledge of security controls for the handling of Personally Identifiable Information (PII) data
  • Knowledge of regulations and security compliance requirements affecting financial institutions
  • Training in Risk Management or IT Audit Methodology strongly desired
  • Technology risk or security certification preferred, e.g. CISSP, CISM, CISA, CRISC or equivalent
  • Ability to exercise sound judgment regarding assessment findings and make effective recommendations to management
  • Ability to work effectively on multiple projects within a team structure
  • Ability to meet time sensitive deadlines
  • Ability to work and achieve goals without constant supervision
9

Information Security Risk Consultant Resume Examples & Samples

  • Bachelor’s degree in an IT related field (Intelligence, Computer Science, Information Security, etc). Equivalent experience will be considered in lieu of education
  • 4-7 years of related IT experience preferable in an intelligence, computer security or cyber defense organization
  • Highly effective communicator with exceptional analytical skills
  • 4-5 years of experience or equivalent technical training in intelligence analytical platforms and/or information security tools
  • Basic knowledge of network design and layout
  • Effectively handle multiple tasks and priorities simultaneously while escalating any issues to management
  • Customer oriented and comfortable working in a dynamic environment
  • Effectively and accurately prioritize and assign tasks with a great attention to detail
  • Security+, Net+, Certified Ethical Hacker (CEH), Certificate in Cyber Security, or related Certifications a plus
  • Basic understanding of network signatures and regular expressions a plus
10

Information Security Risk Consultant Resume Examples & Samples

  • Bachelor's degree in an IT related field or equivalent experience
  • 4-7 years of IT related experience
  • Security Certification (CISA, CISM, CSSM, CISSP) or related security work experience a plus
  • Equivalent experience would be acceptable in lieu of education
  • Experience with writing business and technical documents
  • Experience in successfully implementing information security program management requirements
  • Experience in supplier relationship management and supplier control assessments
  • Ability to collaborate well across teams / organizations
  • Proficient knowledge and understanding of threats to information management and controls for information protection
  • Knowledge of technology and security related issues, specifically understanding key information security and privacy regulatory requirements a plus
  • Strong interpersonal and organizational skills along with analytical and problem solving skills
11

Information Security Risk Specialist Resume Examples & Samples

  • Risk and Control Governance
  • Chief Administrators Office
  • Network Security Assessments
  • Mergers and Acquisition (TRM due diligence and subsequent integration risk assessment)
  • Technology Infrastructure and Network Security Assessments (35%)
  • Other (10%)
  • Assess firewall changes with a view to approval
  • A thorough understanding of Risk Assessment approaches and methodologies
  • A good understanding of normal network infrastructure such as VPNs, firewalls, switches, routers, LANs, etc
  • Experience of formal document creation, such as the creation of reports or procedures
  • Experience of carrying out risk reviews, technology audits or other similar work
  • Strong MS Office skills (core applications)
  • Archer Technologies SmartSuite Framework
  • A keen eye for an opportunity to improve existing process and take the initiative to promote such an enhancement
  • Candidate must be able to manage their own workload and run several tasks concurrently so as to meet the realistic targets and priorities set in conjunction with management. This is especially important because we work in an environment where priorities can change quickly and with little prior warning. Demonstrate a high-level of commitment and self-motivation, combined with enthusiasm and a genuine interest in the role of Risk Assessment in business
  • Understands their own shortfalls and knowledge gaps. Not afraid to acknowledge a gap and work on strategies to address them
  • BNY Mellon often goes through periods of change and it is therefore critical that this person adapts to changes in the organisation and job responsibilities and displays a positive attitude
  • Able to express clearly and fluently, both orally and in writing. Considers the audience, avoiding technical jargon wherever necessary and appropriate
  • Documentation must be professional, well structured and presented and require the minimum management review and revision. This is especially important
  • Works well with others or individually. Supports the development of the team as a whole, places team before personal interests
  • Shows respect for others and recognises their concerns and interests
12

VP, IT SOX & Information Security Risk Lead Resume Examples & Samples

  • Develop business process mapping to assess and identify issues and gaps
  • Develop, implement, and execute various processes to monitor regulatory related controls to ensure that they are being effectively executed
  • Develop associated reporting and escalation processes, engaging management on appropriate actions
  • Validate and review controls in light of key business projects, business changes and operational events to ensure ongoing compliance with key regulatory commitments
  • 5-7+ years of experience with operational risk analysis
  • 5-7+ years of experience with process improvement
  • 5-7+ years of experience with end-to-end process mapping and reviews
  • 5-7+ years of experience with procedure documentation
  • 5-7+ years of experience developing metrics and reporting tools
  • Demonstrated experience performing control reviews to identify process and control breaks
  • Controls awareness and experience required
  • Minimum 5+ years experience in regulatory compliance, operational risk, audit or risk management
  • Minimum 3 - 5 years experience in access administration, security administration, or similar field
  • Experience working with Identity and Access Management tools and processes
  • Strong data analytical and organizational skills (SQL or other database analytical skills)
  • Ability to work independently and proactively to accomplish multiple objectives concurrently
  • Demonstrated ability to work independently on projects and produce required results in a timely fashion
  • Knowledge of Phoenix application and risk control self assessment (RCSA) is preferred
  • Excellent verbal, interpersonal and written communication skills and the ability to any level of management
  • Program or project management experience
  • Experience working with virtual teams / teams geographically distributed is required
  • Working knowledge of RCSA and SOx requirements
  • Knowledge of FFIEC, COBIT and ITIL standards desired
  • Excellent expertise in MS Office Suite, particularly in PowerPoint, Excel and MS Access, and Visio
  • College degree (preferred) or equivalent work experience
13

Information Security & Risk Specialist Resume Examples & Samples

  • Vendor product training, vendor analysis, written reviews, data security consulting. Will also develop or assess operational controls with respect to managing security risk
  • Performs on call activities as a member of the Computer Incident Response Team. Provides subject matter expertise in at least one operating system and deep skills in at least one technical security focus area (firewall, encryption, forensics, litigation and discovery support, penetration testing, disaster recovery, server configurations) or enterprise application (TPF, SAP, etc.)
  • Completes application level architecture designs and evaluates technology for business fit
  • Effectively collaborates with 3rd party resources or vendors to accomplish objectives
  • Minimum 5 years related experience with 3 years deep experience in security and IT technologies
  • Must have previous experience in network operations, systems security, access controls, vulnerability assessments, penetration testing, malware detection, social engineering and physical security
  • Network or system administration experience; Linux/Solaris/HPUX; software configuration management and implementation; software development
  • Security frameworks (PCI, NIST Cyber, FedRamp, SOX, SOC 1, SOC 2)
  • RFP analysis, vendor/product review experience
  • Excellent written and verbal communication skills required
  • Experience with global outsourcer (general IT or security services) and prior software development or scripting required. Background and experience as a security generalist for network and firewall security, B2B connectivity and VPN, vulnerability assessment, audit remediation programs, director domain, and LDAP) and application based access controls
14

Information Security & Risk Management Resume Examples & Samples

  • Analyze the current IT security environment to identify weaknesses and work with IT management to develop opportunities for improvements such as reducing complexity, reducing time and cost, and increasing effectiveness
  • Evaluate third party application service provider vendors to ensure information security compliance. Update and maintain information security disaster recovery plans. Coordinate bi-annual third party network vulnerability assessments with IT network teams
  • Bachelor’s degree, preferably in computer science, mathematics, business or a related field, or appropriate technical training and equivalent job experience
  • 5-8 years of IT experience; 3+ years experience in security administration
  • Security administration experience with one or more of the following: Mainframe (RACF), Active Directory, iSeries or Databases or demonstrated related technical experience
  • Ability to interact with user community to understand security needs
  • Ability to organize, prioritize and coordinate multiple work activities and meet critical deadlines
  • Identity management experience (such as Federated Identity, Access Management, Provisioning)
  • Understanding of firewall theory and configuration
15

Information Security Risk Controller Resume Examples & Samples

  • Support business access control processes and segregation of duties controls within the IB
  • Monitor compliance with IB information security requirements and ensure timely resolution of issues
  • Provide initial point of contact on information security issues for the IB
  • Produce risk reporting on all issues related to information security risk management
  • Support quarterly assessment process on information security control requirements for the IB
  • Manage web access and exception processes for the IB
  • Support the Divisional Information Security Office with incident management
  • Provide Subject Matter Expertise support to the IB on all information security risk management issues
16

Morgan Stanley Bank N.A. - Information Security Risk Program VP Resume Examples & Samples

  • Bachelor's degree or equivalent, preferably in IT, Business, Economics, or Finance
  • 10+ years’ experience in the security, IT risk management and/or IT Audit related activities of the financial industry
  • Strong oral and written skills (including Excel, Word etc) on a business level in English
  • Good managerial skills relating to project management, program planning, and policy and procedure formation
  • Knowledge of banking, specifically retail and institutional lending-related, regulatory compliance, with an emphasis on the FDIC, OCC, and FRB
  • Good interpersonal skills, with an ability to navigate complex organizations and build and maintain relationships
  • Strong foundational knowledge of information security, risk management, and technology governance practices
17

Information Security Risk Specialist Resume Examples & Samples

  • Steers the collection and processing of cyber threat intelligence ensuring that the bank has access to relevant cyber intelligence information and that the information is timely provided to the relevant functions and required mitigation activities are executed
  • Assessment of exposure to potential cyber threats by assessing external cyber threats, analysing the bank's defence capabilities against these threats and the respective kill chain and ensuring that mitigation activities are initiated and executed
  • Manages intelligence-led penetration testing and red teaming activities, including participation in regulatory initiatives such as CBEST in the UK and Quantum Dawn in the US; supports the implementation of the 7.3 cyber security risk taxonomy in the context of the bank's operational risk framework
  • Supports the definition of Information Security training requirements and mechanisms to promote and instil a culture of Information Security risk management and awareness within Group Technology; and supports the analysis of root causes on information security risk events and, where deemed relevant, provides benchmarking analyses on events that occurred in the industry
18

Information Security Risk Specialist Resume Examples & Samples

  • Supporting business access control processes and segregation of duties within the WM and R&C divisions
  • Monitoring compliance with WM and R&C information security requirements and ensuring timely resolution of issues
  • Analyzing and assessing internal documents
  • Producing risk reporting on all issues related to information security risk management with respect to the ODP (Outsourcing Due Diligence Process)
  • Coordinating work and information flow in the team
  • Identifying and supporting process improvements
  • Maintaining guidelines, process documents and database
  • Dealing with ad hoc queries in a professional and timely manner
19

Information Security Risk Management Specialist Resume Examples & Samples

  • Assists with the implementation, monitoring, and management reporting of the IT Risk Management program and collaborates with CIS personnel to develop effective audit-issue and risk-finding remediation plans
  • Performs line-of-business and subsidiary risk assessments in accordance with the IT Risk Management program schedule
  • Evaluates adherence to established policy, standards and guidelines to ensure that IT Risk Management requirements are met and develops effective management responses and remediation plans to ensure that target dates are met and that residual risk is communicated and found acceptable by senior management
  • Assists clientele with development of risk remediation plans and monitoring to ensure timely completion and that residual risk is acceptable by management and coordinates various aspects of regulatory submissions, including developing and reviewing technical documents, developing and tracking submission timelines, and managing the preparation of regulatory submissions to ensure compliance with regulations and guidelines
  • Provides IT audit and regulatory examination portfolio management services to include coordination, scheduling, consulting, monitoring, and reporting and provide expertise in translating regulatory requirements into practical, workable plans; prepare critical submission documentation and communicate with regulatory agencies where applicable while acting as a point of contact between Corporate Information Security (CIS) and other functional areas
  • Provides IT Legal Liaison services throughout BB&T Corporation. These services shall include (1) functioning as the IT point-of-contact for BB&T Legal Department on matters of litigation, e-Discovery, and/or general inquiry, (2) tracking and monitoring impact on IT resources, and (3) performing risk and trend analysis for minimizing future legal exposure
  • Bachelor's degree in business, computer science or related discipline
  • Four years IT risk management and/or IT auditing experience
  • General understanding of IT Control Frameworks such as COBIT, ITIL and COSO
  • Effective knowledge of IT auditing practices and regulatory requirements
  • Strong team-oriented interpersonal skills and ability to get things done via collaborative efforts
  • Thorough understanding of network topology and associated risks
  • One or more professional certifications such as CISSP, CISM, or CISA
  • Understanding of current financial services industry regulatory environment and related implications to security strategy, standards, and control frameworks such as COBIT, ISO, COSO and NIST
20

Cyber Manager Global Information Security Risk Resume Examples & Samples

  • Experience in at least three of the following: InfoSec (Operations, Program Management, Governance, Risk Management, etc.), Enterprise Architecture, Identity & Access Management, Application Development, Infrastructure & Operations, IT Compliance, or Internal Audit
  • Demonstrable, impeccable writing skills for technical, management, and executive audiences
  • Demonstrable knowledge of InfoSec risk management methods and practices
  • Professional certification in InfoSec or Risk Management (such as CRISC, CISM, CISSP, CGEIT, CISA, etc.)
21

Information Security Risk Management Manager Resume Examples & Samples

  • Perform management functions, including but not limited to, making employment decisions regarding hiring, promoting, demoting and terminating, conducting performance appraisals and coaching and developing staff
  • Monitor overall ISRM resources, demand planning performance, and drive process improvements around planning and forecasting
  • Provide guidance to staff in order to complete pre-implementation risk assessments and make resulting recommendations to business and IT partners. Communicate findings with other internal ISRM Management to ensure a comprehensive evaluation of business and compliance risk
  • Review the development, testing and implementation of security plans, products and control procedures. Review potential threats and respond to violations. Recommend appropriate remediation for data security incidents
  • Oversee ISRM projects in order to improve enterprise-wide security capabilities. Provide guidance to the overall project vision, approach, and plan to deliver the required functionality. Oversee the successful implementation of the project, including translating business and technical requirements, addressing disparities in processes across IT Departments, and recommending solutions across the IT organization
  • Monitor overall ISRM resources, demand planning performance, and drive process improvements around planning and forecasting. Develop consistent and repeatable reporting mechanisms to track the progress of projects within the ISRM Portfolio
  • Partner with the TCF project management office (PMO) organization to ensure that Project Management tools, reporting and auditing processes are compliant
  • Identify regulatory changes that will affect TCF policies and standards and recommend appropriate changes
  • Partner with Corporate, Legal, and regulatory bodies in order to ensure that TCF policies and project requirements are compliant. Recommend changes to TCF Planning & Reporting Policies and Procedures
  • 4-year degree in Computer Science, a related discipline, or equivalent work experience
  • 8 years of experience across the IT delivery model in one or more of the following: Information Technology Management, Information Security Management, Information Security control development and testing, Information Security Audit
  • 2 years of previous leadership or supervisory/management experience
  • Experience with security aspects of multiple system platforms, operating systems, software, communications and network protocols
  • Excellent analytical ability, consultative and communication skills, strong judgment and the ability to work with client and IS management and staffs, vendors, consultants and auditors
  • Direct supervision and related management duties of the Planning & Reporting team (ISRM Reporting Analysts and Information Security Project Advisors)
22

Senior Consultant Information Security Risk Resume Examples & Samples

  • Support 30,000+ users across North America
  • Strong understanding of software development lifecycles
  • Strong understanding of Java programming or other programming experience
  • Relevant professional certifications or working towards attainment: GCIH/GSEC, CISSP, CEH
  • Knowledge of Unix-based platforms, application and network security technologies
  • Knowledge of mainframe platform and development
  • Strong understanding of web-based application architectures (Apache, J2EE, Portal)
  • Strong understanding of SQL, LDAP, MQ and other application protocols
  • Strong understanding of applied use of cryptography in application development
23

Information Security Risk Service Specialist Resume Examples & Samples

  • Vancouver-based position with interaction with all lines of business
  • Some travel required (<15%), Domestic
  • Minimum of 5 years progressive experience in information security, or demonstrated risk experience
  • Bachelor’s Degree in related field or equivalent experience
  • Excellent organizational, technical, and management skills
24

Technology & Information Security Risk - Operational Risk Management Resume Examples & Samples

  • Maintain and support the collection and analysis of risk metrics independently from existing control assurance functions and systems to form the basis of reporting into the TISR Dashboard
  • Review technology and information security metrics from Group Operation & Technology against independently collected metrics and audit reports to determine any systemic issues in existing controls
  • Provide effective challenge on risk control activities, timeliness and completeness of mitigation/ action plans against known and emerging risks or prevailing cyber threat intelligence
  • Lead or participate in the review on technology and information security focus areas where effectiveness of controls requires improvements
  • Support the regular risk reporting to CRO, CEO and BRMC on the technology and information security risk landscape with change factors to respond to critical risks, where required, and escalate any unmitigated key risk issues
  • Lead or participate in the review of technology and information security risks of outsourcing related arrangements
  • Drive the Bank-wide Information Security Risk Awareness Program
  • Experience required
25

Information Security Risk Architect Resume Examples & Samples

  • Assist with maturing the Information Security Risk Management program and framework
  • Build and mature methods, processes and tools to support information security risk assessment services
  • Lead a variety of information security risk assessments, recommend mitigation strategies, and work with internal stakeholders to assign monitoring responsibility
  • Interpret risk and compliance requirements and translate them into actionable and sustainable implementations
  • Facilitate the information security policy lifecycle and provide input to corporate policies, standards and procedures
  • Contribute to other risk management activities such as remediation of security vulnerabilities and maintaining the Company’s risk register
  • Empower Lending Club's culture of rapid innovation while promoting security and fostering trust
  • Extensive experience with conducting IT, security, and compliance-related risk assessments and advising on mitigation strategies
  • Ability to communicate in a clear and concise manner with all levels of an organization, and convey complicated technology and security concepts to technical and non-technical stakeholders
  • Excellent project management and organizational skills with the ability to meet deadlines and quickly establish clear priorities
  • Self-starter with the ability to execute in a fast-paced, high-demand environment while balancing multiple priorities
  • BA/BS in information technology, business administration, or related field; MS preferred
  • Professional certifications such as CISSP, CISM, CISA, or CRISC a plus
26

Privacy & Information Security Risk Management Analyst Resume Examples & Samples

  • Relevant work experience in information systems and information security as typically acquired in five years
  • Three years of healthcare information technology industry experience highly desired
  • Thorough knowledge of information systems security concepts, current information security trends, and practices including security processes and methods
  • Thorough knowledge of software, hardware, databases, networks, firewalls, encryption, and other systems security devices
  • Working knowledge of TCP/IP, DNS, DHCP, Active Directory, network topologies, and intrusion detection systems
  • Familiarity with various database architectures and related security best practices
  • Demonstrates strong quantitative, analytical, and conceptual thinking skills
  • Strong business and technical skills in the planning, administration, and management of information systems, operational and technical security controls, and security risk management
  • Knowledge of federal and state security and privacy-related regulatory requirements
  • Detailed knowledge regarding NIST, HIPAA, FIPS, and other related industry security standards, regulations, and best practices
  • Strong organizational, analytical, and problem-solving skills
27

Information Security Risk Associate Director Resume Examples & Samples

  • A four-year college degree in Computer Science or equivalent certification is required
  • 10 - 12 years of experience in information security, preferably in the BPS Services Sector related field
  • In-depth understanding of network and system security technology and practices across all major-computing areas (mainframe, client/server, PC/LAN, telephony) with a special emphasis on Internet related technology
  • Experience in understanding and deploying risk management frameworks
28

Information Security Risk Resume Examples & Samples

  • Individual contributor on the firm’s Cyber Assessment team of risk analysts in multiple remote locations
  • Perform focused risks assessments of existing or new services and technologies
  • Communicate risk assessment findings to information security “customers,” or business partners, and influence the risk mitigation
  • Provide consultative advice to information security customers that enables them to make informed risk management decisions
  • Identify opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing the residual risk
  • Contribute to Cyber assessment metrics and GRC reporting to senior management to influence risk based results
  • Strong documentation and process oriented background with leading and managing complex Technology projects
  • An ability to identify and assess the severity and potential impact of risks and communicate risk assessment findings to risk owners in a way that influences optimum risk mitigation
  • Excellent prioritization capabilities, with an aptitude for breaking down work into manageable parts, effectively assessing the priority and time required to complete each part
  • An ability to work on several tasks simultaneously and pay attention to sources of information from inside and outside one’s network within an organization
  • An ability to apply original and innovative thinking to produce new ideas and create innovative products, solutions, or approaches
  • A discipline and interpersonal skills to work well in a global environment, complementing teams in multiple remote locations
  • 3+ years of work experience as an accomplished Information Technologist practitioner with experience in architecture implementation and engineering or equivalent
  • 3+ years security, especially in an Information Risk Analysis role
  • 3+ years of experience with documenting, project management, written analysis for Information Security risk assessments
  • Certified Information Systems Security Professional (CISSP) and/or Certified Information Systems Auditor (CISA)
29

Information Security Risk & Performance Data Mgmt Resume Examples & Samples

  • Contribute to the development and implementation of the security metrics program
  • Responsible for developing and managing the data management and governance framework, requirements, and processes
  • Responsible for identifying and overseeing data enrichment services
  • Responsible for the full data lifecycle of a measure
  • An excellent communicator both orally and in writing
  • Candidate must be able to use logic and reasoning to identify the strengths and weaknesses of alternative solutions, conclusions or approaches to problems
  • Understanding data integration, both real-time and batch
  • Understanding data quality and governance solutions
30

Director of Information Security Risk Management Resume Examples & Samples

  • Serve as an effective and inspirational leader for a team of senior-level information security risk analysts
  • Be recognized as an expert in global, end-to-end Information Security Risk Management technologies and systems that support a global network consisting of retail locations, manufacturing and data centers
  • Create compelling strategic visions for Information Security Risk Management and see them through to fruition by influencing senior executives and other stakeholders
  • Responsible for providing strategic direction and oversight of over $100 million in Information Security technology investment projects over a 4-6 year term
  • Demonstrate an ability to translate business trends and strategies into technical services and solutions as it relates to Information Security planning and business imperatives
  • Support strategic technology planning by identifying, tracking, and experimenting with new and potentially disruptive technologies. Lead team that evaluates higher risk technology investments in supply chain
  • Evaluate technology and Information Security trends in order to achieve value as part of a business strategy. Combine a broad knowledge of the potential value in emerging Information Security technologies and a keen understanding of how these technologies can affect Nike’s business and Information Security processes
  • Analyze needs and requirements of existing and proposed products/services, applications, and service offerings, and develop technical, structural and organizational specifications
  • Have the ability to effectively work cross-functionally with and through business and IT managers
  • Demonstrate the ability to effectively collaborate with managers and team members. Represent CIS organization as part of the broader Nike team
  • Bachelor’s Degree and minimum of 10 years of experience leading technology teams in support of Information Security Risk Management Systems
  • Expert level in Information Security Risk Management technology solutions and strategies
  • Proven track record of being results oriented with demonstrated ability to achieve aggressive goals
  • Exceptional communication skills, including the ability to gather relevant data and information, actively listen, dialogue freely, verbalize ideas effectively, negotiate tense situations successfully, and manage and resolve conflict
  • Demonstrated expertise of building a consensus across business partners and technology leaders, and influencing successful outcomes
  • Experience working successfully in a highly matrixed work environment
31

Information Security Risk Performance Data Management Resume Examples & Samples

  • Responsible for aligning data, taxonomies, categorizations and schemas
  • Responsible for defining requirements to enable design and deployment of the mechanisms and tools for data harvesting
  • 7-8 years of experience with identifying, analyzing, and reporting on value-added key risk indicators and key performance indicators related to information security, Cyber Security or broader IT
  • Strong experience in developing, implementing, and maintaining data management framework and governance
  • Strong experience in data modeling
  • Strong experience in the collection and aggregation of various data sources for reporting and archiving of statistical data
  • Able to present effectively using several reporting and presentation tools such as Microsoft PowerPoint and Excel
  • Candidate must have strong analytical skills to determine how a system should work and how changes in conditions, operations, and the environment will affect outcomes
  • Candidate must be able to identify measures or indicators of data quality and the actions needed to improve or correct performance, relative to the goals of the system
32

Summer Information Security & Risk Intern Resume Examples & Samples

  • Experience with Linux and some TCSH scripting
  • Access
  • Excel: pivot tables, Excel functions, and graphs
  • Snag-It
  • Interpersonal relationship management
  • Good decision making skills
  • Creative problem-solving skills
33

Information Security Risk Program Associate Resume Examples & Samples

  • Access Management: Monitor entitlements and segregation of duties controls
  • Training. Manage deployment, tracking, and escalation of completion
  • Governance. Prepare reporting on information and cyber security KRIs, issues, and initiatives for management and committees
  • Risk Management. Review and report on Policy exceptions and Risk Acceptances
  • Regulatory. Analyze security-related regulatory guidance (OCC, FRB, FFIEC, etc.) and assist in responses to relevant regulatory and audit requests
  • Alignment. Participate in business-wide and Firmwide programs; liaise with teams including IT, Legal and Compliance, and Technology and Information Risk
  • 3+ years’ experience in the security, IT risk management and/or IT Audit related activities of the financial industry
  • Knowledge of banking regulatory compliance, with an emphasis on FFIEC IT Handbooks
  • Outstanding verbal, written, and presentation skills to effectively communicate information security objectives in business terms to various levels within the organization
  • CISM, CISSP, or similar accreditation
34

Information Security Risk Management Consultant Resume Examples & Samples

  • Proactively consults on security, IT general controls and SOX regulatory compliance requirements
  • Proactively consults on security requirements associated with US and UK Privacy/Security Regulations
  • Assists in Establishing Enterprise-Wide Information Security policies, procedures & standards
  • Develops, delivers and maintains an ongoing Information Security & Privacy Awareness program
  • Uses business knowledge to assist with all aspects of responding to Customer Information Security Risk Assessment inquiries (including working directly with customers); Request For Proposals for new/renewal business, and customer and vendor contract language reviews
  • Conducts comprehensive security risk assessments on 3rd party/vendors as part of the Enterprise Vendor Risk management program
  • Facilitates all aspects of responding to Customer Information Security Risk Assessment inquiries (including working directly with customers); Request For Proposals for new/renewal business, and customer and vendor contract language reviews
  • Coordinate and oversee the management and implementation of DLP technologies and processes, playing a key role in maintaining, testing and reviewing DLP rules
  • Supports all IT audit generated projects, including reviewing and maintaining metrics on all IT related audit findings
  • Contributes to horizontal and enterprise business strategy development by bringing forth impacts and opportunities associated with available and emerging technologies. Ensures alignment of technology goals and plans with corporate strategies
  • Supports cross-organizational IT/Business functions in technical choices for a variety of large, strategic efforts by applying knowledge of Unum’s security framework and technical environment
  • Extends/establishes security standards and guidelines
  • Functions as a subject matter expert in security analysis and design across the enterprise
  • Shares security knowledge and expertise in multiple cross-organizational enterprise forums. Communication audience, negotiation partners, and sphere of influence extend across the enterprise, including vendors and senior level managers
  • Takes a lead role in independently and proactively proposing security solutions that address business needs across the enterprise
  • Acts as the Security Lead monitoring IT and SOX regulatory requirements
  • Leads compliance related projects, as assigned, performing all aspects of project management
  • Mentors IT professionals on various information security and IT controls requirements
  • Develops strong partnerships with business clients, application developers, software vendors and other technical resources
  • Communicates effectively with business partners and systems resources at all levels
  • Delivers effective, high-quality solutions in a timely manner
  • BS or advanced degree in computer science or related discipline
  • Five or more years of Information Security, Risk Management, Privacy or Audit experience
  • Knowledge of Privacy and IT Regulations such as HIPAA, GLBA and SOX
  • Knowledge of Information Security Software, products and technologies
  • Knowledge of Industry Security Standards and IT General Control standards including NIST, CoBIT, ITIL, and ISO27002
  • Knowledge of industry standards and best practices associated with Risk Management methodologies such as ISACA’s IT Risk Management Framework
  • Solid Foundation in Mainframe & Distributed Technology
  • Ability to take an enterprise view (see the big picture)
  • Highly proficient in exercising leadership behaviors repeatedly in a variety of challenging situations that are complex, ambiguous, and have more disagreement/conflict
  • Ability to interact with all levels within the organization, including Sr. Management
  • Strong oral and written communications and presentation skills
  • Strong analytical skills
  • Customer Service orientation & skills
  • Ability to take pro-active initiative given general direction
  • Strong Consulting skills
35

Information Security Risk Resume Examples & Samples

  • 1) Lead participation and materials creation in preparation of materials for the GIS Risk Committee, Board Reporting, Quarterly Regulator Reviews, Audit materials
  • 2) Maintenance of Process Risk Control (PRC) inventory and management of the GIS Risk Control Self Assessment
  • 3) Manage Process Health Dashboard to aid in identification of GIS control gaps/weaknesses
  • 4) Being the point of contact for Central BCMR and building relationships with our external partners (Audit, Ops Risk, Compliance)
  • 5) Creation of internal reports and routines
  • 6) Identify, measure, monitor and control risk through sound risk management
  • 7) Champion a strong risk culture throughout the organization to promote sound risk taking within our risk appetite
  • 5+ years of risk management experience with proven ability to effectively apply risk principles to challenging business situations
  • Must display strong subject matter expertise in risk management, governance and development of risk appetite
  • Critical thinking/analytical skills
  • Strong analytical skills/problem solving/conceptual thinking and business acumen to understand the risk impact and severity of discovered vulnerabilities
  • Excellent communication and problem resolution skills (oral and written)
  • Strong organization skills with the ability to prioritize requests and workload accordingly
  • Influence horizontally and vertically across the organization and diverse audiences with varying degrees of technical understanding
  • Strong leadership skills and qualities which enable you to work with peers and various levels of management
  • Assist with internal efficiencies projects and development
36

Manager, Global Information Security Risk Resume Examples & Samples

  • 5+ years of applicable experience in risk and information security
  • 3+ years of experience with internal controls, performing risk assessments, on-site security audits, and internal IT control testing or operational auditing
  • 3+ years of experience with managing people across multiple roles and functions
  • BA/BS in information technology, business administration, or IT-related field
37

Information Security & Risk Management Lead - Business Service Resume Examples & Samples

  • Provide SME and training to IT associates in areas of ISRM such as IAPP, Information Security, and Project Risk Management. Understand the impact of the ISRM requirements on systems and data to determine risk and recommend mitigation
  • Lead the efforts to apply risk management processes in the business projects to identify and track risks, recommend solutions, validate remediation plans and facilitate implementation. Provides guidance to project teams and colleagues on security issues and related internal control gaps
  • Lead activities for audit preparation, hosting and follow-up activities and propose strategies to improve performance in audits
  • Manage the ISRM action plans. Provide written and verbal communication such as status reports, progress reports and documentation to Business Unit IT, ISRM Management and other stakeholders
  • Create awareness in the organization of Information Security principles and concepts, including development and delivery of training and ongoing educational opportunities
  • Monitor, evaluate and ensure the resolution of moderately complex security incidents and/or crisis resolution management
38

Information Security Risk Management Resume Examples & Samples

  • Liaise with sales, sales ops, marketing/segments, and contracting teams to ensure that RFI/RFP Information Security requirements are identified, understood, and properly represented to internal teams and customers
  • Understand and anticipate cyber security requirements and regulations from government segment customers
  • Interpret requirements such as: FISMA, FedRAMP, System Security Plans, DoD regulations, OMB, FARS, and various NIST controls and how they may apply to products at Thomson Reuters
  • Represent Information Security aspects of Legal BU products sold to the government segment
  • Partner with product teams to understand security controls within the product and provide guidance to product teams to ensure compliance with our policy, customer requirements, and regulatory requirements
  • Advise and provide consulting on application security and the security of the infrastructure that supports the products which includes application scanning and infrastructure vulnerability scanning
  • Assist in escalations on security incidents that are related to staff or products in the Legal BU
  • Create information security collateral such as system security plans, security white papers, and opinion guidance to be used for sales, product managers, and contracting teams
  • Work with a team to coordinate audits conducted by content providers to our products and/or customers
  • Bachelor’s or Master’s degree in computer science, business or equivalent experience
  • 7+ years of technology experience with a strong focus on information security to include
  • A track record of effectively prioritizing work and delivering
  • Skilled influencer capable of resolving conflict
  • Strong problem solving, decision making, and technical skills
39

Information Security Risk & Controls Manager Resume Examples & Samples

  • Manages information security risk management program, ensuring the identification, tracking, and timely remediation of information security related risk issues. Serves as subject matter expert in area of information security risk management methodology and practice. Works closely with bank business units to ensure management of information security risk issues, including operation and vendor risk associated with acquisition of new technologies. Drives operational excellence by establishing and maintaining procedures, standards, and operational workflows, seeking continuous improvement opportunities, and ensuring effective management reporting. Oversees planning and recommendations of changes based on new or changing business requirements or evolving technology
  • Manages information security and corporate technology governance program, ensuring policies and applicable procedures are complete and comprehensive, that new governance requirements are addressed, and that governance is kept up to date
  • Manages IT controls, compliance, and disaster recovery planning functions. Ensures coordination of annual internal audits and regulatory examinations, and alignment with Corporate Compliance function. Supervises team members to ensure adherence to corporate policy, regulatory requirements, and accepted best practices
  • Manages the bank’s incident response program, ensuring that the program is kept current, and that members of the incident response team and senior managers receive regular training and participate in incident management exercises
  • Manages the security awareness program, ensuring that all employees and contractors understand the bank’s information security program and policies. Meets with business units and information security coordinators to ensure specific business needs are understood and addressed. Administers testing and remediation tracking as needed
  • Responsible for the management of all employees in the section including staffing and scheduling, compensation, performance management, training and development. Goal is to attract and retain a quality team and motivate them to achieve management business objectives while maintaining a favorable employee relations climate. Responsible for the timely and effective management of Human Resources forms and documents relevant to immediate staff. Leads the team by inspiring engagement and increasing the capabilities of others to optimize business results
  • Manages department projects, ensuring compliance with project management standards and processes and performs all other miscellaneous responsibilities and duties as assigned
  • Minimum 7 – 8 years of increasingly responsible positions in information security/information technology, risk management, and/or financial services compliance-related work experience with all levels of technical professionals and management
  • Also requires at least 5 years of team leadership/supervisory/management experience supervising and mentoring technical professionals
  • Significant process management/project management experience preferred
  • Requires a broad knowledge of information security best practices, IT controls implementation, software development lifecycle, and awareness of new approaches and techniques in information security technology
  • Demonstrated proficiency and expertise with personal computers in a networked environment and Microsoft applications (Outlook, Word, Excel, Access, and PowerPoint) or similar software
  • Knowledge of or ability to use Bank software and systems
  • Knowledge of or hands-on experience administering identity and access management systems preferred
  • Ability to build strong working relationships and partnerships across organization with a collaborative and consultative approach
  • Possess strong analytical, quantitative, and problem solving skills to identify business and process improvement opportunities and risks, implement procedural change, and establish internal controls
  • Strong project management and organizational skills required to execute and complete projects on-time
  • Ability to simultaneously manage multiple projects and assignments with varying deadlines
  • Possess strong intellectual curiosity and business acumen
  • Must be a self-starter with the ability to work independently
  • Utilize strong verbal and written communication skills across all levels of the organization
  • Ability to express complex ideas in concise and simple terms
  • Effective interpersonal skills and collaborative management style to include teamwork, team building, conflict management, negotiating and problem solving skills
  • Able to work flexible hours including holidays, weekends and evenings as needed or assigned
  • Must be able to provide own transportation or to operate a vehicle with a valid driver’s license, and commute as required
  • Able to travel off-island as necessary
40

Senior Enterprise Information Security Risk Resume Examples & Samples

  • Expert level knowledge conducting security risk assessment and remediation or equivalent audit experience
  • Experience with PCI, FISMA, GLBA, HIPAA and HITECH requirements
  • Experience using enterprise IT governance, risk, and compliance tools (Archer, Lockpath, RSAM, etc.)
  • Experience managing projects/initiatives within a large distributed environment
  • Excellent organization, attention to detail, and documentation skills
  • Excellent written communication skills are critical to the success of this position
  • Experience establishing interdepartmental relationships
41

Global Information Security Risk Management Manager Resume Examples & Samples

  • Engaging with business stakeholders to determine risk management appetite, treatment, and reporting
  • Developing people, processes, and technology to ensure proper treatment of risks based upon appetite
  • Deliver continuous risk register including all components aligned to the key control areas and business segments
  • Measure, report, and improve the IS risk management function(s)
  • Collating information for Executive reporting
  • Assist, train, facilitate, and coordinate the delivery of procedure documents, process diagrams, Metrics reports, capability requirements, and training and communication documents
  • Lead, train, and support the growth of the resources in the IS risk management functions
  • Continue to develop your talents and engage with our client facing functions to stay abreast of our delivery methods to clients
  • Demonstrable experience of Information Security Risk treatment
  • Demonstrable experience in assessment methodologies and frameworks
  • Demonstrate knowledge and understanding of information security
  • Experience with IT audit functions and IT controls
  • Proven ability to work in global collaborative group environment
  • Proven excellence in PPT presentations for reporting process metrics and delivering KPIs
  • Proven, effective, leadership and implementation in Information Security
  • Information security qualifications (e.g. CISSP, CRISC, CISM)
  • Strong desire to continue to learn
  • Conflict Management Resolution (Options Analysis)
  • Customer Focus
  • Organized and methodical
42

Information Security Risk & Security Management Consultant Resume Examples & Samples

  • Lead initial Information Security Management System (ISMS) implementation, risk assessment and Business Continuity plan based on the ISO/IEC 27000 series standards and NIS directive
  • Perform audits to validate completeness and accuracy of the information security program
  • Develop remediation and corrective action plans with related governance and operational functions throughout customer organization
  • Author and revise information security policies, standards, procedures and guidelines
  • Liaise with the customer representative, the ISMS Service Delivery Manager and Security Operation Center Level 3
  • Handle client requests and/or respond to emerging needs
  • Conduct compliance monitoring and improvement activities to ensure compliance with internal security policies and applicable laws, regulations and standards
  • Advise Customer CISO on course of action
  • Develop supporting information security awareness, training and educational material
  • Deliver subject matter workshops and bespoke trainings
  • Translate customer requirements into an evolution roadmap and maintain it throughout the service
  • Implement the actions of the evolution roadmap
  • Assist customer in the GDPR compliance plan to set appropriate procedures, methods and products
  • Information risk and security management: CISSP, CISM, CRISC, or similar; 3+ years’ work experience in the field; familiarity with applicable standards, methods, models and approaches
  • Solid knowledge of Information Security principles and best practices such as ISO 27001 ISMS, ISO 27035 Information Security Incident Management, ISO22301 Business Continuity Management and experience in managing information security risk, incidents, responses and investigations, plus a general information security technical background
  • General business management: Experience for dealing with information risk, security, privacy, incidents, business continuity, compliance etc
  • Languages: Tri-lingual English, Dutch, French
43

Information Security & Risk Program Manager Resume Examples & Samples

  • Manage all aspects of the Governance, Risk, Customer Assurance, Product Security and Business Solutions portfolio
  • Help develop key senior management operating rhythms in a global and matrixed environment
  • Ability to integrate strong operational rigor into the project management office and management reporting areas
  • Develop continuous monitoring and process improvements for evolving information security & risk area
  • Strong critical thinking and group facilitation skills, specifically in large or complex problem settings
  • Extensive experience in the information security and risk domain
  • Must have unrestricted authorization to work in the United Kingdom
  • Prince2
44

Information Security Risk Team Lead-safr Resume Examples & Samples

  • Bachelor’s degree from an accredited college or university in a field related to department functions or equivalent combination of education and experience
  • 7+ years of work experience within related information technology field, which include 3 years of experience in a relevant technical leadership role or other relevant management experience, or an equivalent combination
  • Familiar with National Institute of Standards and Technology (NIST) controls, ISO 27000, and COBIT 5
  • Demonstrated understanding of compliance, audit process and ability to adhere/manage various risk controls
  • Strong critical thinking, analytic and problem-solving skills required
  • Proven ability to influence and build relationships with various technical teams, business owners and management at all levels of the organization to successfully deliver on changing business needs
  • Demonstrated experience in building and maintaining self-driven, high-performing teams, coach and develop staff to their potential
  • Strong skills in programs including, but not limited to, the MS Office Suite, MS Visio, MS Project and MS SharePoint
  • Highly proficient written and verbal communication skills, including the ability to communicate in an articulate, concise manner to a wide range of audiences from Bank users to executives
  • Effective customer service and interpersonal skills, including the ability to work effectively in a team environment; motivate and work through others to accomplish tasks; and deal honestly and directly with others
  • Note: Certification in SAFR is required within 3 months of hire
  • Experience in audit processes
  • Knowledge of IT Service Management (ITIL)
  • Knowledge of IT Infrastructure and Technology
  • Industry Certifications such as CISA, CRISC, CISSP strongly preferred
45

Information Security Risk & Controls Resume Examples & Samples

  • Advocate for all company information security related issues including planning and development of Autodesk's information security strategy in support of the company's strategic business plan
  • Build the enterprise security framework: build the foundation and help define capabilities and processes to address Autodesk's enterprise (corporate and product) security needs for the next 3-5 years
  • Define, implement and execute the Security Incident Response process as overall leader during incident response. Work closely with the Autodesk Crisis Management Team (CMT) to protect Autodesk’s business interests during an active security incident and drive / monitor appropriate remediation activities upon incident closure
  • Lead the Information Security Risk & Controls team of 30 employees and 22 contractors and manage a budget of $12M
  • As the senior-most information security officer in Autodesk, provide cybersecurity updates and communications to C-suite executives and the board of directors
  • Oversee the overall strategy and execution for the compliance program to include SOC2, SOX, GDPR and other regulatory data handling certifications
  • In partnership with the Autodesk General Counsel's Office assure regulatory compliance with regional, national and state data privacy regulations
  • Identify and implement a risk management framework that ensures appropriate application of risk-based controls
  • Participate in enterprise risk management process advising senior management of technology risk. Develop and drive risk mitigation and remediation plans
  • Identify security technologies and trends ensuring that Autodesk's computing environment keeps pace with technological change and innovation
  • Manage vendor relationships with security services suppliers including traditional product and service vendor management, managed service supplier management, and SaaS supplier management
  • Partner with General Counsel's office in developing, enhancing and maintaining Autodesk's litigation compliance e-Discovery capability
  • Define and execute Autodesk Information Security communication and awareness program
  • Develop and enhance the security skills and capability of cross-functional EIS teams (infrastructure, application, operational support, etc.) to ensure that systems remain secure, available and meet functional business needs (ensure Confidentiality, Integrity and Availability)
  • Engage in security best practice sharing with Autodesk peer organizations. Actively participate in executive briefings
  • Develop the global information security team to grow to its next level of maturity and scalability as well as develop core security competency throughout the enterprise
  • What you need to succeed
  • 10-15 years of successful experience in security, IT architecture or engineering management. Significant understanding of IT Infrastructure technologies including network, server, end-point, mobile, storage and how security relates to the overall IT
  • 5-10 years executive management experience working with C-Level executives and customers
  • 8 years of experience managing a global enterprise information security function preferably in the software/high technology industry
  • 5 years of experience with knowledge and experience with Software/Infrastructure/Platform-as-a-Service (SIPaaS) solutions and architectures
  • Demonstrated professional experience in preparing and presenting information effectively to broad internal and external constituencies including non-technical executives, corporate officers, business colleagues, product and service vendors and external peers
  • Bachelor's degree in an information technology discipline. Professional information security certification (e.g., Certified Information Systems Security Professional (CISSP), SANS/GIAC, CISM), MS or MBA preferred
46

Fall Information Security & Risk Intern Resume Examples & Samples

  • Experience with Android application development (Android studio, Scrum Methodology)
  • Experience with Windows Operating Systems including Java, C and C++
  • PowerPoint
47

Fall Information Security & Risk Intern Resume Examples & Samples

  • Experience with Windows Operating Systems
  • Modern security assessment and penetration testing tools and methods
  • OWASP Testing Methodology
  • Web Application security concepts
  • Common network protocols
  • Experience writing basic scripts via bash, Python, PowerShell, Ruby, etc
  • Performing vulnerability research by identifying and developing new attack methodologies, tools, and/or scripts
48

Information Security Risk Associate Resume Examples & Samples

  • Identify, measure, monitor and report on risks in the domain of wholesale services information technology, including information security, cyber security, business continuity, SDLC, and project management
  • Assess the adequacy of controls related to information and cyber security risks
  • Ensure the proper implementation of the WPO’s project risk framework and adherence to the FRS security assurance standards
  • Develop and deliver written and verbal communications, including proposals, reports, presentations, and procedures, including recommendations for all levels of management
  • Maintain a global awareness of relevant regulations, laws, emerging issues, trends and ongoing developments related to Information Security, cyber security and business resiliency in the financial services industry