IT Security Risk Resume Samples

4.6 (60 votes) for IT Security Risk Resume Samples

The Guide To Resume Tailoring

Guide the recruiter to the conclusion that you are the best candidate for the it security risk job. It’s actually very simple. Tailor your resume by picking relevant responsibilities from the examples below and then add your accomplishments. This way, you can position yourself in the best way to get hired.

Craft your perfect resume by picking job responsibilities written by professional recruiters

Pick from the thousands of curated job responsibilities used by the leading companies

Tailor your resume & cover letter with wording that best fits for each job you apply

Resume Builder

Create a Resume in Minutes with Professional Resume Templates

Resume Builder
CHOOSE THE BEST TEMPLATE - Choose from 15 Leading Templates. No need to think about design details.
USE PRE-WRITTEN BULLET POINTS - Select from thousands of pre-written bullet points.
SAVE YOUR DOCUMENTS IN PDF FILES - Instantly download in PDF format or share a custom link.

Resume Builder

Create a Resume in Minutes with Professional Resume Templates

Create a Resume in Minutes
AS
A Satterfield
Alfonzo
Satterfield
680 Gaylord Row
Philadelphia
PA
+1 (555) 761 3176
680 Gaylord Row
Philadelphia
PA
Phone
p +1 (555) 761 3176
Experience Experience
10/2014 present
Boston, MA
Director, IT Security & Risk Management
Boston, MA
Director, IT Security & Risk Management
10/2014 present
Boston, MA
Director, IT Security & Risk Management
10/2014 present
  • Consults with IT technical teams and collaborates to develop plans to drive improvement in the annual IT Maturity Assessment
  • Analyze audit reports to identify classes of risk and recommend corrective actions to IT management
  • Develop risk and control metrics
  • Manage the process of identifying and assessing the overall risks affecting the business
  • Coordinate IT management responses to internal and external audit reports
  • Elevate risk awareness and empower employees thru comprehensive security and awareness training program
  • Identify and assess inherent risks to IT business functions. Identify controls designed to address inherent risks. Identify and track residual risks given design and effectiveness of controls. Propose technology solutions to assist in the identification, reporting, and monitoring of risks
02/2010 06/2014
Phoenix, AZ
IT Security & Risk Expert
Phoenix, AZ
IT Security & Risk Expert
02/2010 06/2014
Phoenix, AZ
IT Security & Risk Expert
02/2010 06/2014
  • Providing subject matter expertise in IT Risk Management; leading trainings and awareness presentations
  • Provide subject matter expertise in IT Risk Management for junior colleagues; lead trainings and awareness presentations
  • Assisting IT functional management to identify, assess and document risks to the IT environment
  • Analyzing IT control environment of vendors providing various IT services to the bank
  • Participate in initiatives to improve Risk Assessment processes and tools across the company
  • Participating in initiatives to improve Risk Assessment processes and tools across the company
  • Analyzing network infrastructure change requests and raising potential risk issues
10/2003 09/2009
New York, NY
IT Security Risk Consultant
New York, NY
IT Security Risk Consultant
10/2003 09/2009
New York, NY
IT Security Risk Consultant
10/2003 09/2009
  • Perform due diligence in working with vendors to evaluate IT vendor controls related to the services provided to CELERITY
  • Provide assistance with penetration exercises and review penetration test reports, in conjunction
  • Provide assistance and guidance with phishing and malware incidents
  • Create and review Operational Security Guidelines
  • Provide a summary analysis to Procurement and the business areas seeking to leverage the vendor for services identified
  • Provide Security Awareness Training
  • Application Security Reviews using IRM Tools (ie/ ITRAM)
Education Education
Bachelor’s Degree in Management Information Systems
Bachelor’s Degree in Management Information Systems
DePaul University
Bachelor’s Degree in Management Information Systems
Skills Skills
  • Highly organized, results-oriented and attentive to details
  • Ability to work in a fast paced, highly visible, changing environment
  • Knowledgeable in user and system lifecycle management
  • Strong verbal and written communication skills with the ability to adapt information delivery based on the target audience
  • Ability to multitask and manage multiple topics and demands concurrently
  • Single Sign On and system integration to consolidate user accounts/identities
  • Working knowledge of IT processes (i.e., ITIL) including incident, problem, defect, change and release management
  • Working knowledge of Unix/Linux administration, databases (SQL) and LDAP directories (AD, etc.)
  • Information Security Certification (CISSP, GSEC, etc…) or other related security certification is highly desired
  • Excellent presentation, facilitation and diplomacy skills
Create a Resume in Minutes

14 IT Security Risk resume templates

1

VP-it Security / Risk Resume Examples & Samples

  • Maintain a broad understanding of regional laws and regulatory requirements relating to information security and privacy, industry best practices, exposures, and their impact to the business
  • Maintains regular routines to ensure that regional stakeholders are engaged to changes that impact the region
  • Promote awareness and understanding of information security controls and programs to all levels across Business Units; (e.g., Executives, managers, technical, business and support staff, consultants and vendors, etc.)
  • Engage as a consultant to various business units for new/significant Application and/or Infrastructure development initiatives as an Information Security advisor and risk assessor, and to support the business units in the development of corrective action plans. Assist in ensuring effective information security programs are in place across regional business units
  • Provide guidance to the business for resolving audit findings and ensuring closure
2

IT Security & Risk Expert Resume Examples & Samples

  • Analyzing network infrastructure change requests and raising potential risk issues
  • Interacting with IT Management, Business and Risk Management teams across the Bank to discuss risk assessments/risk exposure to ensure accuracy and transparency across all key stakeholders
  • Acting as a mentor for junior colleagues
  • Providing subject matter expertise in IT Risk Management; leading trainings and awareness presentations
3

IT Security Risk Consultant Resume Examples & Samples

  • Member of the Information Security Team
  • Application Security Reviews using IRM Tools (ie/ ITRAM)
  • Create and review Operational Security Guidelines
  • Measure, report and submit KRIs for 2nd Line IRM and Information Security
  • Review IT process controls
  • Have in depth knowledge of Information Security technical governance and third party assurance
  • Test SoX Key IT Controls including ITGC controls
  • Schedule and Review vulnerability reports, providing consultation to IT teams for resolution
  • Review and Track vulnerabilities reported for UK Region for resolution, using UK tooling available
  • Provide Security Awareness Training
  • Provide assistance with penetration exercises and review penetration test reports, in conjunction
  • CISSP or CISA qualified
  • 5 years + Information security + Information Risk Management experience
  • Data Loss prevention experience
  • Knowledge of internet proxies
4

IT Security & Risk Specialist Resume Examples & Samples

  • Identify scope and assets under review
  • Interview stakeholders to gather data about the system or service
  • Creating risk assessments for raised exception requests
5

IT Security Risk Consultant Resume Examples & Samples

  • Responsible for the implementation and management of Role Based Access/Attribute Based Access Control, of many different business areas and technical groups
  • Along with policy and procedure, you will also establish a quality assurance process to ensure compliance to procedures and standards
  • Creating strategy and will work closely with and provide support to the other areas of Access Management including CyberArk and Oracle Identify Manager teams, and security administration
  • Attend strategy meetings, and update project documentation. You will also lead collaboration meetings with Stakeholders, build program governance, and work through issues, problem solving, and escalation
  • Along with being an advocate for the new program, you will provide leadership and mentoring to the see this project to completion
6

Director of IT Security & Risk Resume Examples & Samples

  • Work with Information Security leads to plan, design and implement an overall risk management process for the firm
  • Manage the Information Security engineering team, providing professional development, coaching, and performance management
  • Manage process for assessing risk for CEB vendors, contractors, and other third-party service providers
  • Respond to security questionnaires from CEB client’s regarding CEB Security capabilities and risk management program. This requires understanding CEB’s security environment and risk posture
  • Perform risk assessments, which involve analyzing risks as well as identifying, describing and estimating the risks affecting the business
  • Implement risk evaluation, which involves comparing estimated risks with criteria established by the firm such as costs, legal requirements and environmental factors, and evaluate CEB's previous handling of risks
  • Produce and tailor risk reports for use with different audiences
  • Provide support, education and training to staff to build risk awareness within the firm
  • Identify process improvements to meet acceptable risk profile, communication and collaboration with appropriate teams to get initiatives prioritized and scheduled
  • Lead IT Risk audits of data products across the firm to ensure member and client data is kept secure
  • Functional knowledge of security information and management products; investigatory procedures; and event documentation/tracking
  • Minimum of 5 years of formal risk management demonstrating progressive responsibility for managing Risk Portfolios for large complex projects or domains in a cross-functional environment
  • Experience with formal risk management procedures, policies and reporting
  • Excellent written and verbal communication and presentation skills with technical and non-technical team members
  • Proven documentation skills including proficiency with the documentation and documentation maintenance for process work flow diagrams
  • Demonstrated ability to influence over cross-functional working teams in a matrixed environment by serving as a trusted advisor and domain expert
  • SANS GIAC, CISSP, CISA, or other Risk Management certifications are required
  • Strong teamwork and staff management skills to maintain strong working relationships within and outside Corporate IT, to develop a results-oriented work environment
  • Must be highly self-reliant, motivated and able to take ownership of tasks through completion
  • Must be process oriented and a person with strong analytical skills
  • Strong work ethic and interpersonal skills
  • BA/BS required
  • Ability to travel domestically and internationally (travel is less than 10% of the role). Must have valid passport and no international travel restrictions
7

IT Security & Risk Manager Resume Examples & Samples

  • Responsible for providing identity and access management (IAM) governance (including audits) services to business applications
  • Lead ERP IAM projects and manage ERP account team to handle day to day request, review changes and develop appropriate solution
  • Provide daily customer support in order to ensure customer satisfaction
  • Act as the subject matter expert, demonstrating leadership qualities in collaborative efforts with business and IT teams to refine, enhance, and align solutions based on the organization’s overall IAM strategy
  • Perform project related tasks on identity and access management projects including development of requirements, collaborative evaluation and selection of products
  • Recommends and coordinates the identity and access management account fixes, patches, & recovery procedures in the event of a security breach
  • Ensure communication is customer-focused and professional
  • Assists in the testing of controls and the remediation of any deficiencies identified
  • Research and keep abreast of emerging technologies in Identity and Access management landscape
  • Validates and verifies system security requirement definitions and analysis
  • Minimum 8 years of progressively responsible IT experience with at least 5-6 years of security/infrastructure protection experience
  • Architect level Enterprise Identity Management and Access Governance experience with emphasis on Role Based Access Control
  • Expertise in access control list (ACL), Segregation of Duties (SoD), users, dynamic groups and roles planning and implementing
  • Familiarity with Governance and Compliance issues and solutions as it relates to Identity Management
  • Single Sign On and system integration to consolidate user accounts/identities
  • Hands-on project experience mapping business requirements to business logic, designing and implementing custom identity workflows, resource provisioning, and role based access controls
  • Information governance, data security, access definition and data protection skills is desired
  • Strong verbal and written communication skills with the ability to adapt information delivery based on the target audience
  • Experience in writing/reviewing code in Java, Java Script and other programming/scripting languages
  • Working knowledge of Unix/Linux administration, databases (SQL) and LDAP directories (AD, etc.)
  • Knowledgeable in user and system lifecycle management
  • Prefer prior experience with IAM technologies such as ITIM, OIM, TAM, OAM, and SailPoint
  • Prefer prior experience in integration technologies such as EDI, Web Services and Virtual directories
  • Ability to work in a fast paced, highly visible, changing environment
  • Proven ability at building working relationships with partners, peers, and senior Management
  • Ability to troubleshoot complex identity and access management design and technology solutions
  • Ability to multitask and manage multiple topics and demands concurrently
  • Working knowledge of IT processes (i.e., ITIL) including incident, problem, defect, change and release management
  • Prior working experience in a Pharmaceutical company is a big plus
  • Highly organized, results-oriented and attentive to details
  • Self-motivated, proactive, independent and responsive – requires little supervisory attention
  • Excellent presentation, facilitation and diplomacy skills
  • High level of personal integrity consistent with Gilead’s core values
8

IT Security & Risk Lead Resume Examples & Samples

  • Lead the disaster recovery/business continuity planning function
  • Bachelor’s Degree in Computer Science or equivalent work experience
  • Plus 5 years of broad information technology experience
  • Minimum of 2 years in information security and/or internal audit
  • Security certifications such as CISSP, CEH, CCSP and CISM are preferred
9

Senior IT Manager, Global IT Security & Risk Resume Examples & Samples

  • Define/facilitate the Information Risk Management process including the reporting/oversight of treatment efforts to remediate negative findings
  • Define, maintain, and publish Global Security Policies and Standards; provide consulting to Business/Technical resources on security mitigation of identified security gaps/risks and compliance to Global Security Policies
  • Define/manage the Vulnerability Management process including the identification of vulnerabilities, provide consulting to business/technical resources to remediate vulnerabilities, and align vulnerability remediation processes with existing Infrastructure programs
  • Define/manage the Identity & Access Management (IAM) program including the setting of standards for IAM, collaborating with application/infrastructure owners to implement IAM, implementing privileged access, and advancing our security position through a well-managed IAM program
  • Develop and enhance an information security framework based on NIST Cybersecurity Framework (CSF) and International Organization for Standardization (ISO 2700X)
  • Liaise among IT Security & Risk Management teams and Corporate Compliance, Audit, Legal, Quality and Privacy to ensure alignment of goals and support of cross-functional initiatives
  • Provide leadership and direct supervision, mentoring, and performance management for Risk Management team including setting and managing priorities, timelines and schedules
  • Participate in the research, analysis, selection, and implementation of new tools, technologies and/or services
  • Use influence to drives key security decisions required to progress key security initiatives and the overall program
  • Assist in facilitating a Global security governance board that brings together leaders throughout the organization to communicate the overall security posture and drive key decisions for ultimate adoption
  • Develops collaborative relationships with business partners, peers and subordinates to collectively explore partnership opportunities with people inside and outside the organization
  • Manage vendor relationships, deliverables, and support requirements
  • Facilitate management focus on KPI, KRI, and key risk activities (policy compliance, goal tracking and remediation tracking)
  • Create and manage information security and risk management awareness training programs for all employees, contractors, vendors and partners
  • Manage and support the development of your team so that they can fulfill current or future job/roles responsibilities more effectively
  • Minimum 7-10 years of experience in a combination of Risk Management, Information Security, and IT Roles, with 3-5 years managing/leading teams
  • Knowledge of common information security frameworks, such as ISO/ISEC 27001, ITIL, COBIT, NIST and HIPPA
  • Professional Security Management Certifications such as Certified Information Systems Security Professional (CISSP). Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or other similar credentials, is preferred
  • Knowledge of common information security management frameworks such as ISO/IEC 27001, ITIL, National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF)
  • Excellent written and verbal skills, interpersonal and collaborative skills, and the ability to communicate security and risk related concepts to technical and non-technical audience
  • Experienced in preparing PowerPoint Presentations, Visio diagrams, risk assessments, training and documentation that reinforce the security program strategy and policies
  • Experience with Archer platform strongly preferred
10

IT Security Risk Management Senior Consultant Resume Examples & Samples

  • Strong experience with the use of ISO 27001 control framework and Information Security Management System (ISMS) implementation. Applied experience with ISO 27002, ISO 27005, or ISO 31000 is also valuable
  • Notable knowledge of recognized IT process and quality frameworks such as COBIT or ITIL
  • A deep, meaningful, and marketable expertise with the many facets of Risk Management and Risk Treatment
  • Proven ability to apply skills to analyze root causes and trends to deal with issues that are not readily defined, or that conflict with available information, and wisdom to know that there are always multiple solutions to any given problem
  • Demonstrated ability to communicate risk to risk owners in a way that consistently drives objective, fact-based decisions that optimize the trade-off between risk treatment/mitigation and business performance
  • Demonstrated ability to operate independently, manage time effectively, and make decisions which support the goals of management
  • Broad range of experience, including both technical and non-technical facets of IT internal controls and compliance, including administrative, logical, and physical controls
  • Experience with risk analysis and securing of cloud-based solutions
  • Advanced capabilities in Microsoft Office, especially Excel, PowerPoint, Visio, and Project
  • Demonstrable experience with both RSA Archer and ServiceNow is strongly preferred
  • Strong customer service behavior and continuous quality improvement orientation
  • Very strong project management skills
  • General awareness and broad understanding of business process controls (e.g. COSO)
  • Demonstrated ability and willingness to
11

IT Security & Risk Management Senior Analyst Resume Examples & Samples

  • Planning and design of enterprise security architecture and controls utilizing established security frameworks including: COBIT, NIST CyberSecurity Framework, NIST 800-53, NIST 800-171, and IEC 62443 to ensure adequate security controls are in place to meet multiple industry and/or regulatory requirements including (but not limited to): Sarbanes-Oxley, HIPAA, FAR, DFAR, ITAR, EAR, NISP, and FDA
  • Develop, implement, maintain, and oversee enforcement of policies, procedures and associated plans for system security administration and user system access based on industry-standard best practices
  • Perform the deployment, integration, initial configuration, and ongoing maintenance of all new security solutions and of any enhancements to existing security solutions in accordance with standard best operating procedures generically and the enterprise’s security documents specifically
  • Monitor security events, alerts, and reports for unusual or suspicious activity. Interpret activity, respond to incidents, and make recommendations for resolution
  • Partner effectively and efficiently by consulting with global teams to enhance business processes, ensuring that required IT controls, compliance, and regulatory standards are met and support application, infrastructure, and business needs
  • Maintain current, detailed knowledge of the IT security industry, including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors
  • Oversee compliance activities and assist as needed with quality evaluations, uncover errors or deficiencies, and identify opportunities for improvement
  • Recommend enhancements to existing systems and solutions to improve overall enterprise security
  • Participate in the planning and design of an enterprise Business Continuity Plan and Disaster Recovery Plans
  • Minimal travel may be required to meet the needs of the business
  • A minimum of a Bachelor’s degree or equivalent experience is required for this position; a Bachelor’s degree in IT/Business is preferred
  • Experience of 2 years is required for this position, assuming education requirement are met. Equivalent industry experience of 2 or more years is highly desirable
  • Formal training and certification in CISSP, CISM or CISA are preferred, and will be required to maintain the position
  • Demonstrated effective organization, facilitation, communication and presentation skills
  • Working knowledge of regulations and related requirements as they pertain to Information Technology for Sarbanes-Oxley (SOX), International Traffic In Arms Regulations (ITAR), Federal Drug Administration (FDA), Health Insurance Portability & Accountability Act (HIPAA), Export Administration Regulations (EAR)
  • Working knowledge of compliance standards for Information Technology including Control Objectives for Information & Related Technology (COBIT), NIST Cybersecurity Framework, NIST 800-53
  • Advanced computer skills, including Microsoft Office Suite and Visio
12

Director, IT Security Risk Management Resume Examples & Samples

  • Owns the overarching IT Risk Management Program
  • Responsible for defining, resourcing, and ensuring the continuous improvement of the following sub programs
  • Past Senior Management or Director experience managing teams of senior security professionals
  • 8+ years of related security risk assessment, vulnerability management, or audit work experience
  • Excellent customer service skills required
  • NIST 800-53, ISO 27001/2 experience, CISSP, CISM or CISA certification
13

IT Student for Group IT Security & Risk Resume Examples & Samples

  • Coordination and planning of meetings & events
  • Prepare presentations
  • Planning of deliveries
  • Communication in organisations
  • Experience & skills in Microsoft Office including Word, Excel, PowerPoint, and Outlook
  • Experience with MS SharePoint and IBM Lotus Notes is desired
  • Graduate student in e.g. communication, organisational psychology or business administration
  • Work experience with supportive and administrative tasks
  • Be able to read, write speak and understand the English language
14

IT Student for Group IT Security & Risk Resume Examples & Samples

  • Advanced knowledge of MS Office tools especially excel and power point and have good presentation skills
  • Detail oriented and able to review legal and policy documents
  • Wider knowledge in the field of cybersecurity issues especially regarding current partnerships and collaboration schemes would be a big advantage
  • Familiarity with technical used terms referring to attacks and risks coming from cyberspace as well as cybercrime features (ex. DDos, malware, ransomware etc) would also be a plus
  • Ad hoc administrative support
  • Handling of a wide range of tasks regarding projects, planning meetings and prepare material beforehand
  • Reaching short deadlines
  • The appropriate candidate studies security risk management (or other relevant studies)
  • Ability to quickly gain new tech skills
  • Excellent written and spoken English language skills
15

IT Security Risk Consultant Resume Examples & Samples

  • Perform due diligence in working with vendors to evaluate IT vendor controls related to the services provided to CELERITY
  • Understand services provided by the vendor and the CELERITY data the vendor will be able to access. Determine the inherent risk rating based on these factors
  • Coordinate analysis and response with internal teams including Procurement and business areas
  • Evaluate vendor controls and determine the residual risk rating
  • Provide a summary analysis to Procurement and the business areas seeking to leverage the vendor for services identified
  • Leverage existing templates and tools to efficiently and effectively assess vendors in a timely manner. Ensure RSA Archer is updated to accurately reflect vendor disposition and promote accurate reporting from the system of record
  • Experience with SSAE 16 Audits and SOC 1 Type 1 and Type 2 Reports a plus
  • Advanced knowledge of IT Security Standards and Frameworks including ISO
  • 3+ years of Management Consulting (BIG 4, BIG 5, etc) Experience
  • 5+ years of work related compliance experience or Information Security procedures development
  • Knowledge of industry accepted security frameworks such as NIST 800-53 and ISO 27001
  • Strong communication and facilitation skills
  • Ability to work independently with minimal supervision, as well as collaboratively with various constituents
  • Ability to effectively communicate across multiple levels of an organization specifically ability to provide clear concise communication with project team and mid-level management and demonstrated ability to influence or negotiate with other functional areas
  • CISSP/CISA/CIPP Certified
  • Experience in Financial Services Industry
16

Student Assistant With Documentation Skills for Group IT Security & Risk Resume Examples & Samples

  • IT Security for networks and operating systems
  • IT Auditing
  • Performing risk assessments and manage GRC tools to ensure up-to date overview of risks
  • Graduate student or equivalent in IT engineering, IT Auditing, Computer Science, Communication technology, e.g. IT Digital innovation & management, Cand.merc.aud or Business Administration and Information Systems
  • English at a high level (verbal and written) as reporting at executive level and to authorities is part of the job
  • Ability to craft professional presentations (Powerpoint)
17

Student Assistant With Presentation Skills for Group IT Security & Risk Resume Examples & Samples

  • Access management
  • Operational and/or IT risk management (frameworks, processes and controls)
  • Information Security Management Systems and processes
  • Maintaining risk registers and follow-up with risk owners individually
  • Conducting vulnerability analyses and security testing
  • Graduate student or equivalent in IT engineering, IT Auditing, Computer Science, Communication technology, e.g. IT Digital innovation & management, Digital design, communication, or Business Administration and Information Systems
  • Work experience with information security, IT risk management, IT auditing or in a legal/compliance function related to IT is preferred
  • Ability to create documentation
18

IT Security Risk Manager Resume Examples & Samples

  • Accountable for the ongoing management, compliance and governance of IS Information Security and Risk policies, processes and standards across the Group
  • To engage, support and work closely with the business at all levels to ensure IS Information Security regulations, requirement and policies are understood, communicated, & implemented effectively across all business functions
  • To engage, support and work closely with Corporate Information Security group/function, to ensure the confidentiality, integrity and availability of data and services are maintained against the risk of loss, misuse, disclosure or damage
  • To engage, support and work closely with the Group risk function, to ensure Business Continuity is appropriate for the IS business requirements
  • To engage, support and work closely with the Internal Audit function, to ensure IS Information Security is audited, represented and reported accurately and appropriate to each business function
  • To engage, support and work closely with all areas of the business at customer level ensuring the successful delivery and completion of all internal / external IS Information Security reviews / audits
  • Provide the leadership and oversight of information assurance, setting high level strategy and policy, to ensure stakeholder confidence that risk to the integrity of information in storage and transmit is managed pragmatically, appropriately and in a cost effect manner
  • Driving a culture of Information security management within IS that support the wider corporate risk and governance
  • You should be able to operate as a member of the Senior Management team, contributing to a wide range of Information Security risks and issues, to provide joint outcomes
  • You should have a strong background delivering & implementing information risk, assurance and information security strategy programs, within large corporate environments, ideally coming from a FTSE 100 environment or the logistics sector
  • You should have a strong knowledge of formal methodologies such as ISO27001 and COBIT would be ideal, or PCI programs
  • Information Security certification (e.g. CISSP, CISM) desirable
  • You must possess strong organisational, facilitation and critical thinking abilities, to assess complex requirements (technical & non-technical), analyse options, navigate diverse perspectives and objectives, and develop acceptable Information Security policies and procedures for Wincanton
  • You must have a strong technical background covering a broad range, including but not limited to application, infrastructure, servers, databases and service
  • You must have advanced MS Office skills and experience in managing multiple concurrent projects
  • You must have strong influencing and communication skills to impart the importance of compliance and the business impact of breaches of security
  • You must have the ability to influence & negotiate without line authority on all matters related to Information Security at all levels of the business
  • You must be passionate about risk and information security management
  • You must keep up to date with current security and risk issues and aware of industry best practice
  • You should have enquiring and investigative style and analytical skills and able to see the broader impact of potential security breaches
  • You should be able to work closely with all areas of the IS function and across the broader business
  • You should be able to conduct research into issues and products as required
  • You must be highly self-motivated and directed
  • You should be a champion of continuous improvements and operational excellence
  • You must be able to motivate and inspire others
19

Director, IT Security & Risk Management Resume Examples & Samples

  • Elevate risk awareness and empower employees thru comprehensive security and awareness training program
  • Primary liaison with audit and regulators (scope, control strategy, evidence gathering, issue validation, residual risk calibration) Responsible for monthly IT executive reporting on the status of open audit findings
  • Analyze audit reports to identify classes of risk and recommend corrective actions to IT management
  • Review preliminary audit reports with internal and external auditors. Ensuring understanding and validity of findings, and providing information regarding compensating controls so that audit reports accurately reflect the risk to BSC
  • Define, design and implement an overall IT risk management framework for the organization to support continued growth and profitability
  • Manage the process of identifying and assessing the overall risks affecting the business
  • Identify and assess inherent risks to IT business functions. Identify controls designed to address inherent risks. Identify and track residual risks given design and effectiveness of controls. Propose technology solutions to assist in the identification, reporting, and monitoring of risks
  • Oversee, and in some areas implement risk control actions (e.g. security measures, liaison with regulators, business continuity plans, etc.)
  • Monitor, evaluate and challenge the organization’s success in managing its overall risks
  • Organize appropriate risk reporting, internally and externally
  • Consults with IT technical teams and collaborates to develop plans to drive improvement in the annual IT Maturity Assessment
  • Develop risk and control metrics
  • Maintain risk acceptance documentation
  • Coordinate governance communication
  • Control design advice
  • Facilitate resolution of issues; escalate issues appropriately
  • Prepare project status and program readiness reports
  • Drive the definition of roles and responsibilities across the first, second, and third lines of defense
  • Strong leadership skills with a high level of drive and initiative. Ability to work with minimal supervision
  • Bachelor’s degree in MIS, Accounting, or Computer Science required; Master’s degree preferred
  • 10-15 years related work experience including experience managing and/or directing an information service operation, specifically within Risk Management and Compliance
  • Demonstrated experience with developing and coaching a team
  • Extensive experience in risk management, compliance, strategic planning, budgeting and allocation, implementation, information security program development, and administration
  • CISM or CISSP certification is preferred
20

IT Security & Risk Monitoring Director Resume Examples & Samples

  • Determine and maintain an inventory of all regulatory, commercial and organizational technology compliance requirements
  • Support the creation and modification of all technology compliance policies and procedures while working with the Chief Information Officer, Chief Information Security Officer, and Chief Technology Officer
  • Manage the overall IT compliance-related budget/financial spend in accordance with the desired IT compliance risk appetite of the organization
  • Assist business and IT managers with the acquisition of tools and expertise to assist with IT compliance-related projects and initiatives
  • Create an IT compliance training and awareness program that periodically educates the requisite end-user community on the relevant IT compliance requirements, and certifies their adherence to the relevant IT compliance controls
  • Collaborate with decision makers to provide actionable insights and recommendations that will lead to better business decisions. Review at departmental and strategic hospital levels to provide input into the information security budget and resource planning
  • Work with hospital operations to coordinate IT Security’s responsibilities to educate, inform and train hospital departments on IT security, cybersecurity threats and privacy security including working with operations to perform an annual internal disaster drill for a cyber-security attack
  • Create a vulnerability management program to manage and monitor evolving threat landscape and partner with responsible IT teams helping them to understand the deficiencies and recommending mitigation or remediation activities to resolve open vulnerabilities and reduce risk
  • Responsible for developing IT policies and standards based on best practices and work across IT to ensure policies and standards are appropriately followed, exceptions are tracked, and compliance objectives are met. This person will work with the IT directors to understand staffing, funding, and other constraints as well as define the appropriate mechanism for managing and escalating all issues and risks for the successful completion of all remediation issues
  • Bring a deep background and broad experience in Identity and Access Management, Information Security or related business areas and expert understanding of business process, scope and risk management, and scorecard/dashboard development
  • Implement a Data Security Governance program to ensure appropriate controls are in place to govern sensitive data sharing, conduct vendor risk assessments, onboarding and off-boarding of 3rd party vendors
  • Drives continuous improvement in IT governance, risk, compliance and security practices based on expert knowledge in domain areas, industry best practices, business objectives and risk tolerances
  • Coordinate IT management responses to internal and external audit reports
  • Review preliminary audit reports with internal and external auditors. Ensuring understanding and validity of findings, and providing information regarding compensating controls so that audit reports accurately reflect the risk to Keck Medical Center of USC
  • Reviews and evaluates IT’s overall control environment using strong, pragmatic analytic and problem-solving skills
  • 7+ years of experience in an IT Director/Manager role with strong customer service background (Healthcare and/or Academic industry preferred). Experience being a Leader and managing staff. Experience building project teams and driving change within an organization
  • 5+ years in Information Security Management. Experience creating and enforcing corporate policies, procedures and standards
21

IT Security & Risk Architect Resume Examples & Samples

  • Assisting the Security Architecture and Engineering Manager in the assessment and definition of Bord Gais Energy’s / Centrica’s information security architecture, including
  • Collaborating with management, security teams, and other stakeholders to determine information security needs and requirements for networks (WAN, LAN, Wireless), virtual private networks (VPNs), firewalls, routers, cloud security, and related security and network devices
  • Assessing Information Technology (IT) products and technologies
  • Evaluating the interface between hardware, software, and operational and performance requirements of overall system
  • Reviewing Bord Gais Energy’s / Centrica’s information security architecture and platforms to identify integration issues and opportunities to enhance information security practices
  • Assisting the Security Architecture and Engineering Manager in the development of Centrica’s information security architecture, including
  • Developing reference architectures across applications, infrastructure, and network environments
  • Integrating security controls into a cohesive architecture that sufficiently mitigates risk to the organization
  • Identifying and developing security requirements to be included in statements of work and other appropriate procurement documents
  • Collaborating with system developers and users to select appropriate design solutions or ensure the compatibility of system components
  • Defining and documenting how the implementation of a new system or new interfaces between systems impacts the security posture of the current environment
  • Translating proposed technical solutions into technical specifications
  • Assisting the Security Architecture and Engineering Manager in conducting technology and vendor assessments to validate that information security technology portfolios are kept up to date and meet contractual requirements
  • Providing inputs on secure service offerings for transformation IT activities
  • Supporting project scoping, requirements gathering, risk assessments, and the design of security projects
  • Reviewing and communicating information security policies, standards, and procedures
  • Deep IT technical skills (information security solutions in detail, public key infrastructure (PKI), file encryption, programming, support, workstations, network, cloud solutions, etc.)
  • Experience in and knowledge of operating systems (e.g., Android, iOS, Linux, Windows, MVS, VMWare), hardware and software platforms, and protocols as they relate to information technology
  • Knowledge of secure reference architectures, such as infrastructure, network, and application design
  • Ability to analyze business needs and requirements to plan system architecture
  • Knowledge of secure software development methodologies, tools, and practices
  • Hands on experience with the implementation of security solutions
  • Knowledge of critical IT procurement requirements
  • Strong analytical and problem solving skills, with high learning agility
  • Ability to work under pressure and cope with competing demands
  • Demonstrates critical thinking and applied conceptual thinking
  • Demonstrated ability to work in teams, with the ability to effectively prioritize work/delivery commitments to achieve timely and effective outcomes
  • Bachelor’s degree preferred in area(s) of study such as information technology, computer science, information systems, or related field, or high school diploma with relevant work experience