We are seeking great people for a rewarding opportunity. We have an immediate need for IT Security Risk Assessors who have a proven background in Information Technology Supplier Risk Management.
This is a permanent, direct hire position that offers a competitive employee benefit package.
location: Jacksonville, Florida
job type: Permanent
salary: $9.99 - 99,999,999.99 per year
work hours: 9 to 5
The IT Security/Risk Assessor will be responsible for managing processes to ensure that suppliers' processes meet risk management standards and for ensuring that required remediations are completed by suppliers. The IT Security/Risk Assessor will monitor the external assessment score and ensure the security reputation is adequately maintained.
This role requires hands-on technical expertise to drive the development of an efficient assessment program and will need to work well with multiple stakeholders across the organization. Responsibilities will include assessment of security risk, validation of effectiveness of policies and controls, and analysis of the tradeoffs and alternatives when policies or requirements cannot be met.
- Optimizing processes to assess, measure and monitor security risk related to suppliers.
- Works with procurement, legal, security operations and product management to identify suppliers that require assessment and to ensure new suppliers being considered are assessed before contracts are completed.
- Completes assessments to help the organization identify, measure, monitor and mitigate security risk to meet the company's risk tolerance.
- Work with compliance and legal to understand the regulatory, legal and customer obligations for the security program and incorporate those factors into assessments.
- Coordinates the response and gathering of information to support the security related requirements for customer assessments and RFPs.
- Identifies potential new or emerging requirements as part of RFPs and completes a gap assessment. Coordinates with the Security Governance Director to address gaps with the appropriate constituents.
- Independent challenge point and not afraid to build an argument against a current practice while developing and demonstrating solutions to overcome existing identified weaknesses.
- Continually prioritizes and coordinates the improvements identified in assessments with the priorities of the business and the actions being completed, and makes recommendations for action to the Security Governance Director.
- Makes pragmatic decisions including considering alternative solutions related to tradeoffs to help optimize the monetary investments to reduce security risk.
- Performs ongoing testing and monitoring of suppliers as required by the risk of the supplier organization.
- Assists in getting applicable suppliers included in the certifications.
- Works well with the Information Technology, Security Operations and business constituents to build support related to the identification and resolution of security risks.
- Effectively escalates risks that require immediate attention to their management.
- Monitors, tracks and ensures remediation activities and issues are resolved in a timely fashion and escalates issues as required to drive required actions.
- Have a working understanding of GRC systems and multiple security frameworks.
- Organizes and manages security education and training program including coordinating periodic awareness articles and developing job specific training based upon risk.
- Must be able to lead meetings and technical discussions. Additionally, must maintain strong, clear and effective communication across a variety of different stakeholders.
- Assist in the completion of post-event reviews and develop action plans with associated stakeholders to help resolve the root cause of underlying events.
- Manage and continuously prioritize multiple competing priorities.
skills: GENERAL KNOWLEDGE, SKILLS & ABILITIES:
- Bachelor's degree in Computer Science, Information Technology, Information Security, Risk Management, Accounting, or related field required.
- Minimum of 2 years information security experience with an understanding of both on-premises and cloud technologies.
- Security certifications preferred.
- Implementation and/or design of technical security architectures within a large enterprise environment is preferred.
- Familiarity and experience in working in multiple environments and with multiple security frameworks and processes is preferred.
- Understanding of security frameworks and the deployment and monitoring of controls effectiveness.
Equal Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.