Senior Information Risk Consultant

📋 Description

• Take the lead in performing information risk assessments as assigned to the team.

• Request and evaluate the documentation required to conduct a thorough assessment, including necessary interviews to gather and review relevant materials essential for producing assessment results.

• Clearly and effectively document and convey risk assessment findings to the requester, security architects, and management as needed.

• Execute and develop appropriate risk scoring related to threats, vulnerabilities, likelihood, impact, security controls/countermeasures, and more.

• Carry out follow-up actions concerning assigned risks, ensuring that mitigation efforts remain on track.

• Communicate risk treatment strategies, including risk avoidance, acceptance, transference, and mitigation, to the relevant groups.

• Assume a leading role in collaborating with various projects and initiatives to implement security architecture requirements, create architectural solutions, integrate security into design solutions, assess risks associated with security gaps, and establish remediation strategies.

• Prepare and deliver presentation decks to various management levels and audiences with differing technical expertise.

⛳️ Requirements

• Bachelor’s Degree in Information Security, Information Systems, Information Assurance, Computer Science, or a related field.

• Minimum of 10 years of experience in Information Security, Governance, Risk, and/or Compliance.

• 7 to 10 years of experience in Information Security and/or Information Risk Management and/or Information Technology.

• 5 to 7 years of experience in Information Security Governance, Risk, and/or Compliance functions and activities.

• Knowledge of technologies including Intrusion Prevention Systems (IPS), firewalls, endpoint protection, web/email filtering, Data Loss Prevention (DLP), digital rights management, encryption, Security Event and Incident Management (SEIM), and virtualization platforms.

• Experience working within an information security role utilizing the HITRUST Common Security Framework (HITRUST CSF) or the NIST 800-83 cybersecurity framework.

• Comprehensive understanding of network security architecture, as well as network and networking protocols.

🏝️ Benefits

• Health insurance

• 401(k) matching

• Flexible work hours

• Paid time off

• Professional development opportunities