Cybersecurity Risk Management Program Lead

Job Location

Alexander City - USA

Salary

Not Disclosed

Job Description

Client

WSI

Job Title

Cybersecurity Risk Management Program Lead

Placement type (FTE/C/CTH)

Contract, high likelihood of conversion

Duration

6 months CTH

Location

Hybrid: Mon-Thur onsite in either Rocklin or SF

Fri WFH

Start Date

ASAP

Pay Rate Guidelines

$63/hour on W2

Work Authorization (open to ISS/C2C)

Must be able to convert without sponsorship

Interview Process

4 Rounds

Project Description

  • Responsible for developing, implementing, and managing our organization's cybersecurity risk management program.
  • Identify potential cybersecurity risks, help to identify mitigations, escalate matters requiring management attention, and oversee timely and effective remediation of risks to critical company information.
  • Responsible for: providing support to business units in performing risk assessments, due diligence activities, and data management; ongoing oversight; and risk reporting.

Top Requirements

(Must haves)

Qual Notes

  • Experience with a wide range of technology; anticipate potential risks in a variety of technical:
    • Platforms: UNIX/Linux, AS400, Windows
    • Applications: Ecomm, retail stores, corporate shared services, PCI requirements, SOX requirements
    • Identify the kinds of risks that a multichannel retailer is susceptible to
  • Experience in presenting cybersecurity risk in business language (board of directors/non-technical)
  • Experience with the MITRE ATT&CK Framework

  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field, or equivalent experience
  • Minimum of 7-10 years of experience in cybersecurity, with at least 5 years in a risk management role
  • Proven experience in leading cybersecurity risk management programs
    • Federal or Military risk management program experience is a big plus
  • In-depth knowledge of risk assessment and risk analysis
  • Experience in the retail industry is a plus
  • Experience in a leadership role within a medium to large organization
  • Understand information security holistically and how it relates to business goals
  • Excellent written, oral, and interpersonal communication skills, with proven ability to champion causes with positive impact and change
  • Strong analytical skills
  • Extensive knowledge of and experience with information security standards and methodologies, including NIST 800-53, NIST CSF, PCI DSS, ISO 9000 series, COBIT, Sarbanes-Oxley, HIPAA, and other relevant industry security standards

Additional Qualifications

(Nice to Haves)

  • CISSP, CISM, CRISC, or similar certification, e.g. GIAC Certified ISO-17799 Specialist (G7799)
  • Privacy Certification (e.g. Certified Information Privacy Professional)
  • Experience interfacing with and communicating information on complex privacy and security compliance issues to senior management, business units, and external parties
  • Experience with the ServiceNow Integrated Risk Management (IRM) tool
  • Experienced in reviewing contracts for security risks and negotiating security terms with third parties

Additional Notes

  • Avoid
    • Experience just in controls
    • Implementing controls
    • SOX controls
    • The right person will understand controls and be able to test controls, but that would not be their main focus
      • Mature our ability to identify, articulate, and advise on the right controls to implement

  • What are some tools that are comparable to ServiceNow IRM?
    • Archer
    • OneTrust
    • Other GRC Tools
      • About to migrate from SN GRC to SN IRM in 2026

Employment Type

Full Time
