• Responsibilities:

    • Assisting management with the organization’s risk appetite, and leading the efforts to implement and enforce it, making it relevant to the business on a day-to-day basis
    • Leading the effort to support the identification, analysis, and governance of information security risks across the organization
    • Understanding information security risks and assessing mitigation strategies to confirm alignment with risk appetite
    • Maintaining an inventory of key information security risks and threats applicable to the business
    • Continuing the advancement of the risk management efforts, including the framework
    • Maintaining the Security Process Library
    • Collaborating with various partners across the organization to gather relevant threat intelligence, and to effectively analyze and communicate the state of the threat landscape, including emerging threats
    • Building and facilitating risk assessment exercises and tracking remediation efforts
    • Researching and interpreting industry insights and best practices, along with interpreting the impact of requirements from governing authorities
    • Maintaining strong working relationships with individuals and groups involved in managing information security risks across the organization to continue the advancement of the information security risk framework, processes, and technology
    • Building trust and effectively facilitating risk identification/analysis discussions
    • Breaking down work into manageable parts, effectively assessing the priority and time required to complete each part
    • Effectively translating technical language into business terms
    • Excellent communication skills, both oral and written
    • Ability to be agile and work with ambiguity
    • Ability to work on several tasks simultaneously
  • Requirements:

    Qualifications/Requirements

    • 4+ years of professional experience in a risk/compliance related role (A MUST, no entry level profiles)
    • 3+ years of IT and/or cyber experience (A MUST, no entry level profiles)
    • Experience with regulatory compliance, including information security management frameworks (e.g., NIST CSF, ISO2700x, SANS Top 20 Critical Security Controls, SOX, COBIT) preferred
    • Demonstrable experience actively governing risks and threats globally
    • Demonstrable experience conducting risk assessments and facilitating executive level risk discussions
    • Strong presentation skills, both creating and presenting
    • Strong knowledge of the Information Security domain preferred
    • Advanced experience with productivity software such as Microsoft Office, specifically Excel and PowerPoint.
    • Experience with Archer GRC and Agile delivery frameworks
