Title: Security Risk Manager
Role: Full-time, hybrid in Seattle, WA or Chicago, IL.
Base Salary Range: $109K to $150K based on experience
The Security Risk Manager is responsible for conducting security risk assessments, monitoring mitigation activities, and reporting while contributing to critical initiatives to enhance, scale, and mature the Security Risk & Issue Management program. This hands-on individual contributor position will mature relationships with internal and external partners globally to represent the team and report security risks including risk mitigation strategies. The successful candidate will have proven ability to drive consensus and direction to multiple cross-functional collaborators while consistently completing quality deliverables, tracking risks and issues, and proactively communicating progress.
Responsibilities
- Identify, assess, monitor, and report risks with minimal supervision
- Triage risks to accurately assess and capture them within the GRC tool
- Conduct security risk assessments, reassessments, and mature processes to effectively manage and mitigate cybersecurity risk at scale
- Conduct targeted risk assessments based on our Framework as well as industry requirements
- Lead cross-functional meetings with stakeholders with minimal manager supervision
- Support and enhance the risk and issues reporting metrics
- Integrate the Risk and Issue program across our processes and measure the effectiveness of the integrations
- Support documentation, review, and enhancement of the risk management standard, methodologies, policy or operating procedures
- Evaluate mitigation and remediation efforts including the design and effectiveness of operational controls, based on industry best practice models in accordance with risk and compliance requirements
- Manage and enhance the risk reporting metrics
- Engage with stakeholders to identify risks and understand their needs and challenges, proactively finding ways that your program can support them
- Develop and maintain strong relationships based on trust and transparency with primary business partners and third-party contacts
- Provide subject matter expertise on issues tracked by issue management
Job Designation
Hybrid: Employee divides their time between in-office and remote work. Access to an office location is required. (Frequency: Minimum 2 days per week; may vary by team but will be a weekly in-office expectation)
What you bring
Basic
- 5+ years of relevant experience in information security risk management, or a related domain
- 4+ years of relevant experience working in cybersecurity risk management
- Experience with risk management frameworks (e.g., RMF, ISO 27005, NIST 800-37, NIST 800-30, etc.)
- Experience with and understanding of cyber threats and vulnerabilities
- Experience with relevant control frameworks (e.g., SSAE16, ISO 27001, NIST, PCI, SIG, CSA, HIPAA, HITRUST, FedRAMP)
- Strong experience with a GRC Risk management tool, preferably ServiceNow
- One or more of these certifications: CISSP, CRISC, CISM, CTPRP, CISA, CIPT, CompTIA Security+, AWS/Azure Security
- Experience with technical security controls and how these apply to different functions throughout the business
Preferred
- Self-starter with excellent communication, collaborative, and presentation skills
- Independently driven, resourceful, and able to deliver results with minimal oversight
- Strong sense of ownership and drive
- Strong business sense with the ability to engage with technical teams to present assessment results and risks, and to participate in discussions about acceptable and compensating controls
- Experience working hands-on with cross-functional teams in assessing processes, risks and controls
Benefit offerings available for our associates include medical, dental, vision, life insurance, short-term disability, additional voluntary benefits, EAP program, commuter benefits and a 401K plan. Our benefit offerings provide employees the flexibility to choose the type of coverage that meets their individual needs. In addition, our associates may be eligible for paid leave including Paid Sick Leave or any other paid leave required by Federal, State, or local law, as well as Holiday pay where applicable.
To read our Candidate Privacy Information Statement, which explains how we will use your information, please visit https://www.modis.com/en-us/candidate-privacy/
The Company will consider qualified applicants with arrest and conviction records.