Information Security Risk Manager

About The Position

Requirements

• 3+ years of experience in Enterprise Risk Management for Digital Assets, including risk evaluation processes and vendor research.
• 3+ years of experience in Digital Asset audit review (SOC 2 Type II, SOX compliance, PCI compliance).
• Knowledge of Information Security and risk standards such as NIST 800-53, CIS benchmarks, OWASP, ISO-27001, and COSO.
• Experience assessing risk or implementing controls in a cloud-based enterprise environment.
• Extensive knowledge of information systems, risk assessment methodologies, and security control technologies.
• Ability to balance risks in ambiguous and complex scenarios.
• Team-oriented with experience leading initiatives.
• Experience in GRC platforms.

Responsibilities

• Represent Information Security in Enterprise Risk Management technology reviews for Digital Assets, including evaluation of inherent risk and vendor practices.
• Continuously mature Enterprise Risk Management evaluation procedures for Digital Assets.
• Collaborate with Information Security, Technology, and Data Privacy Subject Matter Experts to assess the efficacy of Digital Asset controls.
• Research new technical and practical Digital Asset risk controls.
• Perform security-focused risk and gap assessments for Cloud and physical IT infrastructure, applications, and vendors.
• Identify risk levels and associated controls using quantitative and qualitative techniques.
• Translate risk management measures from technical to business language.
• Provide security risk services to business owners and partners.
• Maintain knowledge of methodologies and technologies in risk assessments and controls.

Benefits

• 401(k) matching
• Caregiver leave
• Dental insurance
• Health insurance
• Paid holidays
• Paid time off
• Vision insurance