Direct Hire
- Location: local to Miami
- Travel: no travel
- This person must have the ability to lead future hires and drive direction of team
- Looking for someone who has run First Party Risk Management efforts specifically. While Compliance and Third Party Risk Management are very close, they are both very checkbox oriented. We need someone who has strong experience with Risk Management directly.
- FAIR or Open-FAIR (training, methodology, certified, etc.) or Bayesian (trained) will indicate formal training or experience in Risk Management directly.
Required Skills -
- Risk management frameworks and methodology
- Experience with projects (BA-type work): works with PMs, knows how projects operate, coordinates with people
- A lot of risk assessments don't have PMO support, so this person will be filling that gap
Preferred Skills -
- Using AI solutions: understanding AI platforms, risks associated with AI, rolling out Copilot
- General IT knowledge: networking, cloud, development, sys admin
- Training and awareness knowledge: select annual security training, phishing programs, LMS platforms (LMS 360)
Projects -
- Performing risk assessments
- Higher level strategy around risk management program
- Present findings to CIOs and presidents; translate tech language to business language
The Risk Manager is an individual contributor role with accountability for ensuring the effectiveness of the organization's information security governance framework, and works as part of a team to assess cybersecurity and technology risks against established frameworks, standards, policies and methodologies. This role involves analyzing, monitoring, and reporting on the company's security policies, procedures, and standards to ensure compliance with regulatory and industry requirements. The role also reviews and documents deficiencies, advocates for change and, when appropriate, escalates issues to senior risk leadership. The ideal candidate is business-minded, with five or more years' experience in technology and security administration or security risk management. Practical hands-on technology experience in security principles, risk management and some business acumen is ideal.
Essential Functions -
- Lead in developing, maintaining, and implementing the information security governance body (e.g., policies, standards, controls, etc.) following industry best practices and regulatory requirements
- Analyze current governance models and identify gaps or areas for improvement
- Perform risk analysis based on observations such as interviews, documentation review, and technical assessments. Collaborate with partners in Information and Cyber Security, Privacy, Compliance, Third Party Risk Management, IT and OT practitioners, and Internal Audit across the enterprise to ensure understanding of the potential business impact(s) resulting from identified risks. Identify the drivers, preventive controls, the risks themselves, mitigating controls, and the impacts from those risks
- Serve as a liaison between the IT Security, Risk, and business departments to ensure cross-functional collaboration on security governance initiatives
- Lead efforts with business owners to create treatment plans to address risk drivers; facilitate communication and education on policies and standards for key stakeholders and employees
- Support the coordination of security governance-related tasks within the broader IT or security projects
- Support the design and implementation of security governance projects or programs, including change management initiatives
Qualifications -
- Education: Bachelor's degree in Computer Science, Information Security, or Information Systems/Technology
- Years and/or Area of Professional Experience: 5+ years' working experience, with a minimum of 5 years in IT Security and Governance or Risk Management preferred
- Critical Professional-related Technical Skills, Computer Skills: Experience with GRC tools such as OneTrust, Archer, etc.; MS Office Suite; IT Risk Management; IT Governance; Audit or Regulatory Compliance. Active certifications in one of the related areas of security and governance, such as CISA, CISSP, CRISC, etc., are preferred.
- Knowledge, Skills & Abilities: High level of integrity and trust. Keeps abreast of current and emerging technical information security developments. Attends meetings and GRC-related conferences. Ability to plan, coordinate, and execute complex Governance and IT Security assignments, and to design and apply tools, techniques, and procedures to maintain the highest standards of Governance and IT Security