Fisher Investments - Portland, OR

posted 7 days ago

Full-time - Mid Level
Remote - Portland, OR
Securities, Commodity Contracts, and Other Financial Investments and Related Activities

About the position

The Information Security Risk Management position at Fisher Investments is a critical role focused on performing technology risk analysis and recommending controls to support the firm's diverse businesses. This position will work closely with various teams, including Information Security, Technology, and Enterprise Risk Management, to enhance the security posture of Digital Assets and ensure compliance with risk management goals. The role involves evaluating inherent risks, researching vendor practices, and continuously maturing risk evaluation procedures.

Responsibilities

  • Perform technology risk analysis and recommend controls.
  • Develop, recommend, and implement technology risk practices for Digital Assets.
  • Represent Information Security in Enterprise Risk Management technology reviews.
  • Evaluate inherent risk and research vendor practices and controls.
  • Recommend new practices and controls and estimate residual risk.
  • Mature Enterprise Risk Management evaluation procedures for Digital Assets.
  • Collaborate with Subject Matter Experts to assess the efficacy of Digital Asset controls.
  • Research new technical and practical risk controls for Digital Assets.
  • Conduct security-focused risk and gap assessments for Cloud and physical IT infrastructure.
  • Identify risk levels and associated controls using quantitative and qualitative techniques.
  • Translate risk management measures from technical to business language.
  • Provide security risk services to business owners and partners.
  • Maintain knowledge of methodologies and technologies in risk assessments.

Requirements

  • 3+ years of experience in Enterprise Risk Management for Digital Assets.
  • 3+ years of experience in Digital Asset audit review (SOC 2 Type II, SOX compliance, PCI compliance).
  • Knowledge of Information Security and risk standards such as NIST 800-53, CIS benchmarks, OWASP, ISO-27001, and COSO.
  • Experience assessing risk or implementing controls in a cloud-based enterprise environment.
  • Extensive knowledge of information systems, risk assessment methodologies, and security control technologies.
  • Ability to balance risks in ambiguous and complex scenarios.
  • Experience in GRC platforms.

Benefits

  • 100% paid medical, dental and vision premiums for employees and qualifying dependents.
  • 20 days of PTO, plus 10 paid holidays.
  • Family Support programs including 8-week Paid Primary Caregiver Leave, fertility, family forming, and hormonal health assistance.
  • Back-up child, adult, and elder care support.
  • Opportunity to participate in a hybrid work-from-home program, allowing up to 75 days per year based on tenure and performance.