Our client is looking to hire a candidate to carry out the following responsibilities:
- Provide guidance and leadership directly assisting the Head, Information Security and Risk Management with the maintenance of the Information Security Program including designing and implementing Risk Management processes.
- Manage enterprise-wide and targeted IT Risk Assessments including Risk Analysis and Control Assessments
- Direct and work closely with Business Units on risk assessments recommended per Regulatory Guidance that have technology-related aspects.
- Direct the performance of Risk Assessments of affiliates and annual assessments.
- Manage and provide direct support for Internal Audits and Regulatory Exams impacting Information Technology and Security.
- Provide leadership in conducting vendor information security reviews, including the review of the extended supply chain risk potentially introduced by service providers and related risk rankings for the sensitivity of information.
- Provide leadership in assessing risk to company operations including incident management and business continuity.
- Assist with other Risk Management and Information Security activities as needed.
- Attend Technology Incident Response Team Meetings as needed.
- Stay current with laws & regulations concerning information security. Work with Technology Services and Information Security personnel to integrate the appropriate level of processes and controls as necessary to mitigate risks.
Qualifications, skills and experience:
- Bachelor’s degree in Computer Science, Information Security, Risk/IT Management or related field required
- CISA, CISM or a related certification required.
- At least 7 years of work experience as an IT Auditor or Information Security Professional responsible for supporting and practising day-to-day operations of an Information Security Governance Program or security operations is required.
- Experience making value-added recommendations related to information security, IT and regulations to project teams during all phases of a system development life cycle and project lifecycle required.
- Extensive knowledge of generally accepted security practices and IT best practices required.
- Knowledge of Windows and UNIX operating systems and Oracle and SQL databases preferred.
- Excellent verbal and written communication skills are required.
- Experience managing security and risk programs is required.