JOB SUMMARY/OVERVIEW

Security Risk Manager will oversee the company's security risk management program. The ideal candidate will have a deep understanding of security risks, threats, vulnerabilities, and best practices for mitigating them. This position will be responsible for identifying and assessing risks, implementing risk mitigation strategies, and managing the overall security risk posture of the company.

ESSENTIAL DUTIES/RESPONSIBILITIES

• Develop and implement a comprehensive security risk management program that includes risk quantification models.
• Conduct regular risk assessments to identify potential security threats and vulnerabilities.
• Analyze data and intelligence to assess the level of risk associated with different scenarios, using quantitative risk assessment techniques.
• Develop and implement risk mitigation strategies to minimize security threats and vulnerabilities, considering the fair distribution of risks and benefits among stakeholders.
• Ensure that security policies and procedures are in place and being followed.
• Monitor and evaluate the effectiveness of security controls and make recommendations for improvements.
• Provide security risk management guidance to other departments and stakeholders.
• Lead and manage a team of risk analysts, provide guidance, support, and foster collaborative work environment.
• Develop and maintain strong relationships with key stakeholders to ensure alignment of security risk management objectives.

JOB REQUIREMENTS AND QUALIFICATIONS

Education:

• Bachelor's degree in a relevant field (e.g., Information Security, Cybersecurity, Risk Management)
  

Training Requirements (licenses, programs, or certificates):

• Relevant certifications such as CISSP, CISA, CRISC, or equivalent are highly desirable
  

Experience:

• 8+ years of experience in security risk management or a related field
• Strong understanding of security risks, threats, vulnerabilities, and best practices for mitigating them
• Deep expertise in risk quantification models and tools
• Strong Knowledge of cyber security principles and standards
• Strong knowledge of information security management frameworks (e.g., NIST CSF, NIST 800-53COBIT, and regulatory requirements such as HIPAA, etc.
• Experience conducting risk assessments and developing risk mitigation strategies.
  

Other Knowledge, Skills and Abilities:

• Excellent written and verbal communication skills, interpersonal and collaborative skills.
• An understanding of business needs and dedication to delivering high-quality, timely, and efficient service to the business.
• Excellent prioritization capabilities, with an aptitude for breaking down work into manageable parts, effectively assessing the priority and time required to complete each part.
• An ability to work on several tasks simultaneously and pay attention to sources of information from inside and outside one’s network within an organization.
• An ability to effectively collaborate across multiple teams and ensure program needs are satisfied through interpersonal and trusted communication.

WORK ENVIRONMENT/OTHER INFORMATION (Travel required, physical requirements, on-call schedules, etc.)

• Minimal travel required.
• Work remotely with a high sense of personal accountability to complete assigned work.
• The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.