Manager, Information Security Risk at Nextiva in Remote - other related Employment listings - South San Francisco, CA at Geebo

Manager, Information Security Risk at Nextiva in Remote

The Information Security Risk Manager is responsible for the identification and remediation of organization and vendor information security and data privacy risks. The Risk Manager is responsible for implementing and operating the company information security risk management program. This includes conducting periodic risk assessments and reviews, identifying risks, maintaining a risk register, and prioritizing and leading remediation efforts across the organization.

Key Responsibilities:

  • Design and implement an Information Risk Management Program that is consistent with standard risk management frameworks, such as ISO and NIST.
  • Conduct periodic, formal risk assessments to comply with the information security program and regulatory requirements.
  • Within the framework, identify, rate, prioritize and lead mitigation of information security and privacy risks and weaknesses.
  • Manage vendor security and privacy risks by conducting initial and assessments of vendors and recommending and implementing technical and contractual mitigations.
  • Respond to vendor security risk questionnaires from customers.
  • Identify system boundaries to manage risk and appropriate control scope.
  • Understand and account for the risk appetite of the business in overall management of risk.
  • Support external audit.
  • Demonstrate company values of caring, forward thinking, and simplicity.
  • Perform other duties to support the technical and operational security of the organization as required.
  • Support the company's Information Security Program by participating in security training and awareness, risk assessment, incident management, and business continuity planning.

Qualifications:
  • Bachelor's degree in an IT related field or equivalent experience and 5 years of experience in information and privacy risk management.
  • 3 years people leadership/managerial experience.
  • Demonstrated experience writing and implementing risk management policies and processes consistent with standard frameworks such as ISO and NIST.
  • Experience designing, implementing, and operating a vendor risk management program.
  • Experience supporting or conducting risk assessments and reviews.
  • A CISSP, CISM or other security industry certification is desired.

Competencies:

  • Strong analytical problem-solving skills and attention to detail.
  • Organization, Time Management & Prioritization - Self-starter that focuses on key priorities; plans; organizes, schedules and executes on tasks and projects in an efficient and productive manner.
  • Ability to influence others and achieve objectives without owning the resources.
  • Ability to form productive relationships across the organization to accomplish information security objectives.
  • Professional verbal and written communication skills in English, and the ability to write clear, concise, and effective policies and procedures.
  • Expresses ideas using clear, effective and efficient language.
  • Listens patiently and attentively.
  • Adapts to the purpose of the communication with appropriate style, substance, detail, confidence and channel.
  • Possess the ability to manage multiple channels of communication simultaneously; phone, email, tickets, and chat.

Salary Range:
$200K -- $250K
Minimum Qualification
IT Security, Technology Management

Estimated Salary: $20 to $28 per hour based on qualifications.

Don't Be Fooled

The fraudster will send a check to a victim who has accepted a job. The check can be presented as being for any of several reasons, such as a signing bonus, supplies, etc. The victim will be instructed to deposit the check, use the money for any of these reasons, and then send the remaining funds to the fraudster. The check will bounce, and the victim is left responsible.