Manager, IT Security Risk
Ref No.: 18-07825
Location: Houston, Harris, Texas, Texas
GENERAL ACCOUNTABILITIES
Responsible for assisting with the operational activities of the Cyber Risk Management and Governance Program. Identifies IT risk and works with appropriate stakeholders to complete remediation activities.

SPECIFIC RESPONSIBILITIES
Third Party Risk Management
  • Work with business units and third parties to evaluate the risk of vendor relationships.
  • Perform risk assessments on third parties and translate IT risks into business risks.
  • Translate cyber risk into business risks and communicate this to business units.
  • Document identified risks and follow up on remediation activities through completion.
Application Security Assessments
  • Assist in the development of an application security assessment program.
  • Perform application security assessment on both internal and external applications.
  • Document risks associated with internal and external applications.
  • Manage the remediation activities associated with applications.
Risk Assessments
  • Supports internal and external audits, control reviews, risk assessments, and reporting as required.
  • Tracks and manages action plans for the resolution of issues identified during assessment and audits. Performs analysis and reporting of compliance gaps.
  • Will assist in the implementation of action plans as well as provide compliance support to projects in order to improve performance of IT controls.
  • Collects and performs data analysis to ensure compliance with IT controls. Generates and distributes security compliance metrics.
SOX Control Review
  • Complete required SOX controls within the required time frame.
  • Work with other departments within IT to obtain the required evidence for SOX controls.
  • Perform analysis on SOX control evidence to ensure all controls have been performed according to the requirements.
  • Work with both internal and external auditors to provide evidence of compliance.
Vulnerability Management
  • Identify information system vulnerabilities through automatic and manual means.
  • Prioritize vulnerabilities based on the risk to SCI information systems and data.
  • Follow up on remediation activities to ensure identified risks are mitigated.
  • Assist in preparation of metrics and reporting for vulnerability management activities.
Security Awareness Training
  • Assist with the development of security awareness communications.
  • Assists with the execution of phishing email exercises.
Security Policies, Standards, and Procedures
  • Works with manager to maintain an up-to-date understanding of industry best practices or frameworks such as NIST CSF, ISO, HIPAA, PCI, etc.
  • Benchmarks with IS risk management practices of other companies.
  • Assist with the development of cyber security policies, standards, and procedures.
  • Assist with the annual review of cyber security policies and provide input for improvements.
Security Incident Response
  • Assist with responses to cyber security incidents such as malware detections and malicious activities.
  • Respond to security escalations received from the Security Operations Center (SOC).
  • Research security incidents, document findings, and provide remediation activities.
  • Utilize in-house security tools when researching security incidents (IPS, Antivirus Management Console, etc.)
  • Manage the cyber security queue in the IT ticketing system.
  • Participate in a rotating on-call schedule to respond to after-hours incidents.

EDUCATIONAL/EXPERIENCE/MINIMUM REQUIREMENTS

Education:
  • Bachelor's degree in Information Systems, Business or related program preferred.
  • Industry certifications highly preferred (ISSP, SSCP, CISM, CISA, CCSP).
  • Strong working knowledge of information systems security standards and practices.

Experience:
  • Three (3) years' experience in Information Security with a focus on Risk Management
  • Experience working with outsourced providers in the delivery of IT Security services
  • Experience working with law enforcement, industry groups and other forums to stay abreast of new developments and to gain knowledge of best practices

Knowledge, Skills & Abilities:
  • Demonstrated ability to envision and integrate various security technologies and controls into a cohesive architecture that sufficiently mitigates risk to the organization.
  • Proven ability to author strategic security roadmaps and translate into execution plans to drive desired outcomes.
  • Ability to communicate clearly and effectively with technical and business stakeholders.
  • Excellent verbal and written communication skills including the ability to author and present materials ranging from detailed technical specifications to high-level presentations.
  • Solid problem solving and analytical skills; able to quickly digest issue/problem encountered and recommend an appropriate solution.
  • Solid data analytic skills required to correlate multiple data points.
  • Advanced Computer Skills - Microsoft Office: Advanced in Excel (Pivot tables, VLOOKUPs), Visio, or ACL/Access (not required, but preferred)
US Citizens and those authorized to work in the US are encouraged to apply. My client is unable to sponsor or transfer visas at this time. NO 3rd party resumes will be accepted.