Director, Risk Management and Security Strategy

  • location: Des Plaines, IL
  • type: Permanent
  • salary: $133,000 - $175,000 per year

job description


job summary:
The Director, Risk Management & Security Strategy provides strategic leadership in support of the information security program by monitoring emerging threats and partnering with others to create an effective plan to respond. The Director is a member of the Expanded IT Leadership Team (EITLT), reports to the Vice President, Corporate Systems and Strategy, and interfaces with security engineering, EITLT peers, risk leaders in the business, audit professionals, external security partners, and regulators. One role (Lead Business Analyst, Risk Management) reports directly to this role.

location: Rosemont, Illinois
job type: Permanent
salary: $133,000 - $175,000 per year
work hours: 8am to 4pm
education: Bachelors

Collect insight to assess information security risk and prioritize needed investment:

-Understand emerging threats in the information security domain;

-Set targets for risk management maturity and operational KPIs aligned to business needs;

-Complete periodic risk assessments using established tools and frameworks;

-Determine gaps in controls (whether people, process, or technology) and propose cost-effective initiatives to remediate;

-Develop multi-year roadmaps to address gaps and develop business cases to secure funding.

Deliver security enhancement initiatives:

-Execute security improvement initiatives prioritized within the risk management portfolio;

-Provide technology solutions to support compliance policy and external regulations (e.g. records retention, SOX, PCI, HIPAA);

-Document security standards and advise project teams to ensure compliance with approved security patterns;

-Develop, maintain, and test incident response plan;

-Lead security incident and breach recovery efforts in collaboration with technical and business stakeholders;

-Document, update, and cascade security policies and procedures aligned to strategy.

Monitor the control landscape to measure performance:

-Implement a risk management dashboard and ensure periodic updates by metric owners;

-Assess third party security and risk management maturity prior to decision-making and periodically during relationships;

-Conduct vulnerability testing and document findings for future remediation;

-Support internal and external IT audit engagements by providing required artifacts and documenting findings for future remediation;

-Assess compliance with security standards and document findings for future remediation.

Respond to identified deficiencies consistent with business need and prioritization:

-Lead training program to improve security awareness and compliance;

-Aggregate and analyze all deficiencies to develop remediation plans and influence multi-year roadmap;

-Identify strategic vendors and manage relationships effectively.

  • Experience level: Experienced
  • Minimum 5 years of experience
  • Education: Bachelors (required)
  • Roadmapping (5 years of experience is required)
  • Vendor Management (5 years of experience is required)
  • Information Technology Experience (10 years of experience is required)
  • Compliance (5 years of experience is required)
  • Cyber Security
  • Audit
  • Security (5 years of experience is required)
  • CISA
  • CISM
  • Risk Management (5 years of experience is required)
  • strategic planning (5 years of experience is required)

Equal Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.
