IT Security Risk Resume Samples

The Guide To Resume Tailoring

Guide the recruiter to the conclusion that you are the best candidate for the IT security risk job. It’s actually very simple. Tailor your resume by picking relevant responsibilities from the examples below and then add your accomplishments. This way, you can position yourself in the best way to get hired.

Alfonzo Satterfield
680 Gaylord Row, Philadelphia, PA
Phone: +1 (555) 761 3176
Experience
IT Security Risk Consultant
Johnson, Mante and Price, New York, NY
  • Perform due diligence in working with vendors to evaluate IT vendor controls related to the services provided to CELERITY
  • Provide assistance with penetration exercises and review penetration test reports, in conjunction
  • Provide assistance and guidance with phishing and malware incidents
  • Create and review Operational Security Guidelines
  • Provide a summary analysis to Procurement and the business areas seeking to leverage the vendor for services identified
  • Provide Security Awareness Training
  • Application Security Reviews using IRM Tools (i.e., ITRAM)
IT Security & Risk Expert
Veum and Sons, Phoenix, AZ
  • Providing subject matter expertise in IT Risk Management; leading trainings and awareness presentations
  • Provide subject matter expertise in IT Risk Management for junior colleagues; lead trainings and awareness presentations
  • Assisting IT functional management to identify, assess and document risks to the IT environment
  • Analyzing IT control environment of vendors providing various IT services to the bank
  • Participate in initiatives to improve Risk Assessment processes and tools across the company
  • Analyzing network infrastructure change requests and raising potential risk issues
Director, IT Security & Risk Management
Schroeder, Donnelly and Sanford, Boston, MA
present
  • Consults with IT technical teams and collaborates to develop plans to drive improvement in the annual IT Maturity Assessment
  • Analyze audit reports to identify classes of risk and recommend corrective actions to IT management
  • Develop risk and control metrics
  • Manage the process of identifying and assessing the overall risks affecting the business
  • Coordinate IT management responses to internal and external audit reports
  • Elevate risk awareness and empower employees through a comprehensive security and awareness training program
  • Identify and assess inherent risks to IT business functions. Identify controls designed to address inherent risks. Identify and track residual risks given design and effectiveness of controls. Propose technology solutions to assist in the identification, reporting, and monitoring of risks
Education
Bachelor’s Degree in Management Information Systems
DePaul University
Skills
  • Highly organized, results-oriented and attentive to details
  • Ability to work in a fast paced, highly visible, changing environment
  • Knowledgeable in user and system lifecycle management
  • Strong verbal and written communication skills with the ability to adapt information delivery based on the target audience
  • Ability to multitask and manage multiple topics and demands concurrently
  • Single Sign On and system integration to consolidate user accounts/identities
  • Working knowledge of IT processes (i.e., ITIL) including incident, problem, defect, change and release management
  • Working knowledge of Unix/Linux administration, databases (SQL) and LDAP directories (AD, etc.)
  • Information Security Certification (CISSP, GSEC, etc.) or other related security certification is highly desired
  • Excellent presentation, facilitation and diplomacy skills
14 IT Security Risk resume templates

1

VP-IT Security / Risk Resume Examples & Samples

  • Maintain a broad understanding of regional laws and regulatory requirements relating to information security and privacy, industry best practices, exposures, and their impact to the business
  • Maintains regular routines to ensure that regional stakeholders are engaged to changes that impact the region
  • Promote awareness and understanding of information security controls and programs to all levels across Business Units; (e.g., Executives, managers, technical, business and support staff, consultants and vendors, etc.)
  • Engage as a consultant to various business units for new/significant Application and/or Infrastructure development initiatives as an Information Security advisor and risk assessor, and to support the business units in the development of corrective action plans. Assist in ensuring effective information security programs are in place across regional business units
  • Provide guidance to the business for resolving audit findings and ensuring closure
2

IT Security & Risk Expert Resume Examples & Samples

  • Analyzing network infrastructure change requests and raising potential risk issues
  • Interacting with IT Management, Business and Risk Management teams across the Bank to discuss risk assessments/risk exposure to ensure accuracy and transparency across all key stakeholders
  • Acting as a mentor for junior colleagues
  • Providing subject matter expertise in IT Risk Management; leading trainings and awareness presentations
3

IT Security Risk Consultant Resume Examples & Samples

  • Member of the Information Security Team
  • Application Security Reviews using IRM Tools (i.e., ITRAM)
  • Create and review Operational Security Guidelines
  • Measure, report and submit KRIs for 2nd Line IRM and Information Security
  • Review IT process controls
  • Have in depth knowledge of Information Security technical governance and third party assurance
  • Test SoX Key IT Controls including ITGC controls
  • Schedule and Review vulnerability reports, providing consultation to IT teams for resolution
  • Review and Track vulnerabilities reported for UK Region for resolution, using UK tooling available
  • Provide Security Awareness Training
  • Provide assistance with penetration exercises and review penetration test reports, in conjunction
  • CISSP or CISA qualified
  • 5 years + Information security + Information Risk Management experience
  • Data Loss prevention experience
  • Knowledge of internet proxies
4

IT Security & Risk Specialist Resume Examples & Samples

  • Identify scope and assets under review
  • Interview stakeholders to gather data about the system or service
  • Creating risk assessments for raised exception requests
5

IT Security Risk Consultant Resume Examples & Samples

  • Responsible for the implementation and management of Role Based Access/Attribute Based Access Control, of many different business areas and technical groups
  • Along with policy and procedure, you will also establish a quality assurance process to ensure compliance to procedures and standards
  • Create strategy and work closely with, and provide support to, the other areas of Access Management, including the CyberArk and Oracle Identity Manager teams and security administration
  • Attend strategy meetings, and update project documentation. You will also lead collaboration meetings with Stakeholders, build program governance, and work through issues, problem solving, and escalation
  • Along with being an advocate for the new program, you will provide leadership and mentoring to see this project to completion
6

Director of IT Security & Risk Resume Examples & Samples

  • Work with Information Security leads to plan, design and implement an overall risk management process for the firm
  • Manage the Information Security engineering team, providing professional development, coaching, and performance management
  • Manage process for assessing risk for CEB vendors, contractors, and other third-party service providers
  • Respond to security questionnaires from CEB clients regarding CEB Security capabilities and risk management program. This requires understanding CEB’s security environment and risk posture
  • Perform risk assessments, which involve analyzing risks as well as identifying, describing and estimating the risks affecting the business
  • Implement risk evaluation, which involves comparing estimated risks with criteria established by the firm such as costs, legal requirements and environmental factors, and evaluate CEB's previous handling of risks
  • Produce and tailor risk reports for use with different audiences
  • Provide support, education and training to staff to build risk awareness within the firm
  • Identify process improvements to meet acceptable risk profile, communication and collaboration with appropriate teams to get initiatives prioritized and scheduled
  • Lead IT Risk audits of data products across the firm to ensure member and client data is kept secure
  • Functional knowledge of security information and management products; investigatory procedures; and event documentation/tracking
  • Minimum of 5 years of formal risk management demonstrating progressive responsibility for managing Risk Portfolios for large complex projects or domains in a cross-functional environment
  • Experience with formal risk management procedures, policies and reporting
  • Excellent written and verbal communication and presentation skills with technical and non-technical team members
  • Proven documentation skills including proficiency with the documentation and documentation maintenance for process work flow diagrams
  • Demonstrated ability to influence over cross-functional working teams in a matrixed environment by serving as a trusted advisor and domain expert
  • SANS GIAC, CISSP, CISA, or other Risk Management certifications are required
  • Strong teamwork and staff management skills to maintain strong working relationships within and outside Corporate IT, to develop a results-oriented work environment
  • Must be highly self-reliant, motivated and able to take ownership of tasks through completion
  • Must be process oriented and a person with strong analytical skills
  • Strong work ethic and interpersonal skills
  • BA/BS required
  • Ability to travel domestically and internationally (travel is less than 10% of the role). Must have valid passport and no international travel restrictions
7

IT Security & Risk Manager Resume Examples & Samples

  • Responsible for providing identity and access management (IAM) governance (including audits) services to business applications
  • Lead ERP IAM projects and manage the ERP account team to handle day-to-day requests, review changes and develop appropriate solutions
  • Provide daily customer support in order to ensure customer satisfaction
  • Act as the subject matter expert, demonstrating leadership qualities in collaborative efforts with business and IT teams to refine, enhance, and align solutions based on the organization’s overall IAM strategy
  • Perform project related tasks on identity and access management projects including development of requirements, collaborative evaluation and selection of products
  • Recommends and coordinates the identity and access management account fixes, patches, & recovery procedures in the event of a security breach
  • Ensure communication is customer-focused and professional
  • Assists in the testing of controls and the remediation of any deficiencies identified
  • Research and keep abreast of emerging technologies in Identity and Access management landscape
  • Validates and verifies system security requirement definitions and analysis
  • Minimum 8 years of progressively responsible IT experience with at least 5-6 years of security/infrastructure protection experience
  • Architect level Enterprise Identity Management and Access Governance experience with emphasis on Role Based Access Control
  • Expertise in access control list (ACL), Segregation of Duties (SoD), users, dynamic groups and roles planning and implementing
  • Familiarity with Governance and Compliance issues and solutions as it relates to Identity Management
  • Single Sign On and system integration to consolidate user accounts/identities
  • Hands-on project experience mapping business requirements to business logic, designing and implementing custom identity workflows, resource provisioning, and role based access controls
  • Information governance, data security, access definition and data protection skills are desired
  • Strong verbal and written communication skills with the ability to adapt information delivery based on the target audience
  • Experience in writing/reviewing code in Java, JavaScript and other programming/scripting languages
  • Working knowledge of Unix/Linux administration, databases (SQL) and LDAP directories (AD, etc.)
  • Knowledgeable in user and system lifecycle management
  • Prefer prior experience with IAM technologies such as ITIM, OIM, TAM, OAM, and SailPoint
  • Prefer prior experience in integration technologies such as EDI, Web Services and Virtual directories
  • Ability to work in a fast paced, highly visible, changing environment
  • Proven ability at building working relationships with partners, peers, and senior Management
  • Ability to troubleshoot complex identity and access management design and technology solutions
  • Ability to multitask and manage multiple topics and demands concurrently
  • Working knowledge of IT processes (i.e., ITIL) including incident, problem, defect, change and release management
  • Prior working experience in a Pharmaceutical company is a big plus
  • Highly organized, results-oriented and attentive to details
  • Self-motivated, proactive, independent and responsive – requires little supervisory attention
  • Excellent presentation, facilitation and diplomacy skills
  • High level of personal integrity consistent with Gilead’s core values
8

IT Security & Risk Lead Resume Examples & Samples

  • Lead the disaster recovery/business continuity planning function
  • Bachelor’s Degree in Computer Science or equivalent work experience
  • Plus 5 years of broad information technology experience
  • Minimum of 2 years in information security and/or internal audit
  • Security certifications such as CISSP, CEH, CCSP and CISM are preferred
9

Senior IT Manager, Global IT Security & Risk Resume Examples & Samples

  • Define/facilitate the Information Risk Management process including the reporting/oversight of treatment efforts to remediate negative findings
  • Define, maintain, and publish Global Security Policies and Standards; provide consulting to Business/Technical resources on security mitigation of identified security gaps/risks and compliance to Global Security Policies
  • Define/manage the Vulnerability Management process including the identification of vulnerabilities, provide consulting to business/technical resources to remediate vulnerabilities, and align vulnerability remediation processes with existing Infrastructure programs
  • Define/manage the Identity & Access Management (IAM) program including the setting of standards for IAM, collaborating with application/infrastructure owners to implement IAM, implementing privileged access, and advancing our security position through a well-managed IAM program
  • Develop and enhance an information security framework based on NIST Cybersecurity Framework (CSF) and International Organization for Standardization (ISO 2700X)
  • Liaise among IT Security & Risk Management teams and Corporate Compliance, Audit, Legal, Quality and Privacy to ensure alignment of goals and support of cross-functional initiatives
  • Provide leadership and direct supervision, mentoring, and performance management for Risk Management team including setting and managing priorities, timelines and schedules
  • Participate in the research, analysis, selection, and implementation of new tools, technologies and/or services
  • Use influence to drive key security decisions required to progress key security initiatives and the overall program
  • Assist in facilitating a Global security governance board that brings together leaders throughout the organization to communicate the overall security posture and drive key decisions for ultimate adoption
  • Develops collaborative relationships with business partners, peers and subordinates to collectively explore partnership opportunities with people inside and outside the organization
  • Manage vendor relationships, deliverables, and support requirements
  • Facilitate management focus on KPI, KRI, and key risk activities (policy compliance, goal tracking and remediation tracking)
  • Create and manage information security and risk management awareness training programs for all employees, contractors, vendors and partners
  • Manage and support the development of your team so that they can fulfill current or future job/roles responsibilities more effectively
  • Minimum 7-10 years of experience in a combination of Risk Management, Information Security, and IT Roles, with 3-5 years managing/leading teams
  • Knowledge of common information security frameworks, such as ISO/IEC 27001, ITIL, COBIT, NIST and HIPAA
  • Professional Security Management Certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or other similar credentials, are preferred
  • Knowledge of common information security management frameworks such as ISO/IEC 27001, ITIL, National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF)
  • Excellent written and verbal skills, interpersonal and collaborative skills, and the ability to communicate security and risk related concepts to technical and non-technical audience
  • Experienced in preparing PowerPoint Presentations, Visio diagrams, risk assessments, training and documentation that reinforce the security program strategy and policies
  • Experience with Archer platform strongly preferred
10

IT Security Risk Management Senior Consultant Resume Examples & Samples

  • Strong experience with the use of ISO 27001 control framework and Information Security Management System (ISMS) implementation. Applied experience with ISO 27002, ISO 27005, or ISO 31000 is also valuable
  • Notable knowledge of recognized IT process and quality frameworks such as COBIT or ITIL
  • A deep, meaningful, and marketable expertise with the many facets of Risk Management and Risk Treatment
  • Proven ability to apply skills to analyze root causes and trends to deal with issues that are not readily defined, or that conflict with available information, and wisdom to know that there are always multiple solutions to any given problem
  • Demonstrated ability to communicate risk to risk owners in a way that consistently drives objective, fact-based decisions that optimize the trade-off between risk treatment/mitigation and business performance
  • Demonstrated ability to operate independently, manage time effectively, and make decisions which support the goals of management
  • Broad range of experience, including both technical and non-technical facets of IT internal controls and compliance, including administrative, logical, and physical controls
  • Experience with risk analysis and securing of cloud-based solutions
  • Advanced capabilities in Microsoft Office, especially Excel, PowerPoint, Visio, and Project
  • Demonstrable experience with both RSA Archer and ServiceNow is strongly preferred
  • Strong customer service behavior and continuous quality improvement orientation
  • Very strong project management skills
  • General awareness and broad understanding of business process controls (e.g. COSO)
  • Demonstrated ability and willingness to
11

IT Security & Risk Management Senior Analyst Resume Examples & Samples

  • Planning and design of enterprise security architecture and controls utilizing established security frameworks including: COBIT, NIST CyberSecurity Framework, NIST 800-53, NIST 800-171, and IEC 62443 to ensure adequate security controls are in place to meet multiple industry and/or regulatory requirements including (but not limited to): Sarbanes-Oxley, HIPAA, FAR, DFAR, ITAR, EAR, NISP, and FDA
  • Develop, implement, maintain, and oversee enforcement of policies, procedures and associated plans for system security administration and user system access based on industry-standard best practices
  • Perform the deployment, integration, initial configuration, and ongoing maintenance of all new security solutions and of any enhancements to existing security solutions in accordance with standard best operating procedures generically and the enterprise’s security documents specifically
  • Monitor security events, alerts, and reports for unusual or suspicious activity. Interpret activity, respond to incidents, and make recommendations for resolution
  • Partner effectively and efficiently by consulting with global teams to enhance business processes, ensuring that required IT controls, compliance, and regulatory standards are met and support application, infrastructure, and business needs
  • Maintain current, detailed knowledge of the IT security industry, including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors
  • Oversee compliance activities and assist as needed with quality evaluations, uncover errors or deficiencies, and identify opportunities for improvement
  • Recommend enhancements to existing systems and solutions to improve overall enterprise security
  • Participate in the planning and design of an enterprise Business Continuity Plan and Disaster Recovery Plans
  • Minimal travel may be required to meet the needs of the business
  • A minimum of a Bachelor’s degree or equivalent experience is required for this position; a Bachelor’s degree in IT/Business is preferred
  • Experience of 2 years is required for this position, assuming education requirements are met. Equivalent industry experience of 2 or more years is highly desirable
  • Formal training and certification in CISSP, CISM or CISA are preferred, and will be required to maintain the position
  • Demonstrated effective organization, facilitation, communication and presentation skills
  • Working knowledge of regulations and related requirements as they pertain to Information Technology for Sarbanes-Oxley (SOX), International Traffic In Arms Regulations (ITAR), Food and Drug Administration (FDA), Health Insurance Portability & Accountability Act (HIPAA), Export Administration Regulations (EAR)
  • Working knowledge of compliance standards for Information Technology including Control Objectives for Information & Related Technology (COBIT), NIST Cybersecurity Framework, NIST 800-53
  • Advanced computer skills, including Microsoft Office Suite and Visio
12

Director, IT Security Risk Management Resume Examples & Samples

  • Owns the overarching IT Risk Management Program
  • Responsible for defining, resourcing, and ensuring the continuous improvement of the following sub programs
  • Past Senior Management or Director experience managing teams of senior security professionals
  • 8+ years of related security risk assessment, vulnerability management, or audit work experience
  • Excellent customer service skills required
  • NIST 800-53, ISO 27001/2 experience, CISSP, CISM or CISA certification
13

IT Student for Group IT Security & Risk Resume Examples & Samples

  • Coordination and planning of meetings & events
  • Prepare presentations
  • Planning of deliveries
  • Communication in organisations
  • Experience & skills in Microsoft Office including Word, Excel, PowerPoint, and Outlook
  • Experience with MS SharePoint and IBM Lotus Notes is desired
  • Graduate student in e.g. communication, organisational psychology or business administration
  • Work experience with supportive and administrative tasks
  • Be able to read, write, speak and understand the English language
14

IT Student for Group IT Security & Risk Resume Examples & Samples

  • Advanced knowledge of MS Office tools, especially Excel and PowerPoint, and good presentation skills
  • Detail oriented and able to review legal and policy documents
  • Wider knowledge in the field of cybersecurity issues especially regarding current partnerships and collaboration schemes would be a big advantage
  • Familiarity with technical terms referring to attacks and risks coming from cyberspace as well as cybercrime features (e.g., DDoS, malware, ransomware, etc.) would also be a plus
  • Ad hoc administrative support
  • Handling of a wide range of tasks regarding projects, planning meetings and preparing material beforehand
  • Reaching short deadlines
  • The appropriate candidate studies security risk management (or other relevant studies)
  • Ability to quickly gain new tech skills
  • Excellent written and spoken English language skills
15

IT Security Risk Consultant Resume Examples & Samples

  • Perform due diligence in working with vendors to evaluate IT vendor controls related to the services provided to CELERITY
  • Understand services provided by the vendor and the CELERITY data the vendor will be able to access. Determine the inherent risk rating based on these factors
  • Coordinate analysis and response with internal teams including Procurement and business areas
  • Evaluate vendor controls and determine the residual risk rating
  • Provide a summary analysis to Procurement and the business areas seeking to leverage the vendor for services identified
  • Leverage existing templates and tools to efficiently and effectively assess vendors in a timely manner. Ensure RSA Archer is updated to accurately reflect vendor disposition and promote accurate reporting from the system of record
  • Experience with SSAE 16 Audits and SOC 1 Type 1 and Type 2 Reports a plus
  • Advanced knowledge of IT Security Standards and Frameworks including ISO
  • 3+ years of Management Consulting (BIG 4, BIG 5, etc) Experience
  • 5+ years of work related compliance experience or Information Security procedures development
  • Knowledge of industry accepted security frameworks such as NIST 800-53 and ISO 27001
  • Strong communication and facilitation skills
  • Ability to work independently with minimal supervision, as well as collaboratively with various constituents
  • Ability to effectively communicate across multiple levels of an organization specifically ability to provide clear concise communication with project team and mid-level management and demonstrated ability to influence or negotiate with other functional areas
  • CISSP/CISA/CIPP Certified
  • Experience in Financial Services Industry
16

Student Assistant With Documentation Skills for Group IT Security & Risk Resume Examples & Samples

  • IT Security for networks and operating systems
  • IT Auditing
  • Performing risk assessments and managing GRC tools to ensure an up-to-date overview of risks
  • Graduate student or equivalent in IT engineering, IT Auditing, Computer Science, Communication technology, e.g. IT Digital innovation & management, Cand.merc.aud or Business Administration and Information Systems
  • English at a high level (verbal and written) as reporting at executive level and to authorities is part of the job
  • Ability to craft professional presentations (PowerPoint)
17

Student Assistant With Presentation Skills for Group IT Security & Risk Resume Examples & Samples

  • Access management
  • Operational and/or IT risk management (frameworks, processes and controls)
  • Information Security Management Systems and processes
  • Maintaining risk registers and follow-up with risk owners individually
  • Conducting vulnerability analyses and security testing
  • Graduate student or equivalent in IT engineering, IT Auditing, Computer Science, Communication technology, e.g. IT Digital innovation & management, Digital design, communication, or Business Administration and Information Systems
  • Work experience with information security, IT risk management, IT auditing or in a legal/compliance function related to IT is preferred
  • Ability to create documentation
18

IT Security Risk Manager Resume Examples & Samples

  • Accountable for the ongoing management, compliance and governance of IS Information Security and Risk policies, processes and standards across the Group
  • To engage, support and work closely with the business at all levels to ensure IS Information Security regulations, requirement and policies are understood, communicated, & implemented effectively across all business functions
  • To engage, support and work closely with Corporate Information Security group/function, to ensure the confidentiality, integrity and availability of data and services are maintained against the risk of loss, misuse, disclosure or damage
  • To engage, support and work closely with the Group risk function, to ensure Business Continuity is appropriate for the IS business requirements
  • To engage, support and work closely with the Internal Audit function, to ensure IS Information Security is audited, represented and reported accurately and appropriate to each business function
  • To engage, support and work closely with all areas of the business at customer level ensuring the successful delivery and completion of all internal / external IS Information Security reviews / audits
  • Provide the leadership and oversight of information assurance, setting high level strategy and policy, to ensure stakeholder confidence that risk to the integrity of information in storage and in transit is managed pragmatically, appropriately and in a cost-effective manner
  • Driving a culture of Information security management within IS that supports the wider corporate risk and governance
  • You should be able to operate as a member of the Senior Management team, contributing to a wide range of Information Security risks and issues, to provide joint outcomes
  • You should have a strong background delivering & implementing information risk, assurance and information security strategy programs, within large corporate environments, ideally coming from a FTSE 100 environment or the logistics sector
  • You should have strong knowledge of formal methodologies; ISO27001 and COBIT would be ideal, or PCI programs
  • Information Security certification (e.g. CISSP, CISM) desirable
  • You must possess strong organisational, facilitation and critical thinking abilities, to assess complex requirements (technical & non-technical), analyse options, navigate diverse perspectives and objectives, and develop acceptable Information Security policies and procedures for Wincanton
  • You must have a strong technical background covering a broad range, including but not limited to application, infrastructure, servers, databases and service
  • You must have advanced MS Office skills and experience in managing multiple concurrent projects
  • You must have strong influencing and communication skills to impart the importance of compliance and the business impact of breaches of security
  • You must have the ability to influence & negotiate without line authority on all matters related to Information Security at all levels of the business
  • You must be passionate about risk and information security management
  • You must keep up to date with current security and risk issues and be aware of industry best practice
  • You should have an enquiring and investigative style and analytical skills, and be able to see the broader impact of potential security breaches
  • You should be able to work closely with all areas of the IS function and across the broader business
  • You should be able to conduct research into issues and products as required
  • You must be highly self-motivated and directed
  • You should be a champion of continuous improvements and operational excellence
  • You must be able to motivate and inspire others
19

Director, IT Security & Risk Management Resume Examples & Samples

  • Elevate risk awareness and empower employees through a comprehensive security and awareness training program
  • Primary liaison with audit and regulators (scope, control strategy, evidence gathering, issue validation, residual risk calibration). Responsible for monthly IT executive reporting on the status of open audit findings
  • Analyze audit reports to identify classes of risk and recommend corrective actions to IT management
  • Review preliminary audit reports with internal and external auditors, ensuring understanding and validity of findings, and providing information regarding compensating controls so that audit reports accurately reflect the risk to BSC
  • Define, design and implement an overall IT risk management framework for the organization to support continued growth and profitability
  • Manage the process of identifying and assessing the overall risks affecting the business
  • Identify and assess inherent risks to IT business functions. Identify controls designed to address inherent risks. Identify and track residual risks given design and effectiveness of controls. Propose technology solutions to assist in the identification, reporting, and monitoring of risks
  • Oversee, and in some areas implement, risk control actions (e.g. security measures, liaison with regulators, business continuity plans, etc.)
  • Monitor, evaluate and challenge the organization’s success in managing its overall risks
  • Organize appropriate risk reporting, internally and externally
  • Consults with IT technical teams and collaborates to develop plans to drive improvement in the annual IT Maturity Assessment
  • Develop risk and control metrics
  • Maintain risk acceptance documentation
  • Coordinate governance communication
  • Control design advice
  • Facilitate resolution of issues; escalate issues appropriately
  • Prepare project status and program readiness reports
  • Drive the definition of roles and responsibilities across the first, second, and third lines of defense
  • Strong leadership skills with a high level of drive and initiative. Ability to work with minimal supervision
  • Bachelor’s degree in MIS, Accounting, or Computer Science required; Master’s degree preferred
  • 10-15 years related work experience including experience managing and/or directing an information service operation, specifically within Risk Management and Compliance
  • Demonstrated experience with developing and coaching a team
  • Extensive experience in risk management, compliance, strategic planning, budgeting and allocation, implementation, information security program development, and administration
  • CISM or CISSP certification is preferred
20

IT Security & Risk Monitoring Director Resume Examples & Samples

  • Determine and maintain an inventory of all regulatory, commercial and organizational technology compliance requirements
  • Support the creation and modification of all technology compliance policies and procedures while working with the Chief Information Officer, Chief Information Security Officer, and Chief Technology Officer
  • Manage the overall IT compliance-related budget/financial spend in accordance with the desired IT compliance risk appetite of the organization
  • Assist business and IT managers with the acquisition of tools and expertise to assist with IT compliance-related projects and initiatives
  • Create an IT compliance training and awareness program that periodically educates the requisite end-user community on the relevant IT compliance requirements, and certifies their adherence to the relevant IT compliance controls
  • Collaborate with decision makers to provide actionable insights and recommendations that will lead to better business decisions. Review at departmental and strategic hospital levels to provide input into the information security budget and resource planning
  • Work with hospital operations to coordinate IT Security’s responsibilities to educate, inform and train hospital departments on IT security, cybersecurity threats and privacy security including working with operations to perform an annual internal disaster drill for a cyber-security attack
  • Create a vulnerability management program to manage and monitor the evolving threat landscape, and partner with responsible IT teams, helping them to understand the deficiencies and recommending mitigation or remediation activities to resolve open vulnerabilities and reduce risk
  • Responsible for developing IT policies and standards based on best practices and work across IT to ensure policies and standards are appropriately followed, exceptions are tracked, and compliance objectives are met. This person will work with the IT directors to understand staffing, funding, and other constraints as well as define the appropriate mechanism for managing and escalating all issues and risks for the successful completion of all remediation issues
  • Bring a deep background and broad experience in Identity and Access Management, Information Security or related business areas and expert understanding of business process, scope and risk management, and scorecard/dashboard development
  • Implement a Data Security Governance program to ensure appropriate controls are in place to govern sensitive data sharing, conduct vendor risk assessments, onboarding and off-boarding of 3rd party vendors
  • Drives continuous improvement in IT governance, risk, compliance and security practices based on expert knowledge in domain areas, industry best practices, business objectives and risk tolerances
  • Coordinate IT management responses to internal and external audit reports
  • Review preliminary audit reports with internal and external auditors, ensuring understanding and validity of findings, and providing information regarding compensating controls so that audit reports accurately reflect the risk to Keck Medical Center of USC
  • Reviews and evaluates IT’s overall control environment using strong, pragmatic analytic and problem-solving skills
  • 7+ years of experience in an IT Director/Manager role with strong customer service background (Healthcare and/or Academic industry preferred). Experience being a Leader and managing staff. Experience building project teams and driving change within an organization
  • 5+ years in Information Security Management. Experience creating and enforcing corporate policies, procedures and standards
21

IT Security & Risk Architect Resume Examples & Samples

  • Assisting the Security Architecture and Engineering Manager in the assessment and definition of Bord Gais Energy’s / Centrica’s information security architecture, including:
  • Collaborating with management, security teams, and other stakeholders to determine information security needs and requirements for networks (WAN, LAN, Wireless), virtual private networks (VPNs), firewalls, routers, cloud security, and related security and network devices
  • Assessing Information Technology (IT) products and technologies
  • Evaluating the interface between hardware, software, and operational and performance requirements of the overall system
  • Reviewing Bord Gais Energy’s / Centrica’s information security architecture and platforms to identify integration issues and opportunities to enhance information security practices
  • Assisting the Security Architecture and Engineering Manager in the development of Centrica’s information security architecture, including:
  • Developing reference architectures across applications, infrastructure, and network environments
  • Integrating security controls into a cohesive architecture that sufficiently mitigates risk to the organization
  • Identifying and developing security requirements to be included in statements of work and other appropriate procurement documents
  • Collaborating with system developers and users to select appropriate design solutions or ensure the compatibility of system components
  • Defining and documenting how the implementation of a new system or new interfaces between systems impacts the security posture of the current environment
  • Translating proposed technical solutions into technical specifications
  • Assisting the Security Architecture and Engineering Manager in conducting technology and vendor assessments to validate that information security technology portfolios are kept up to date and meet contractual requirements
  • Providing inputs on secure service offerings for transformation IT activities
  • Supporting project scoping, requirements gathering, risk assessments, and the design of security projects
  • Reviewing and communicating information security policies, standards, and procedures
  • Deep IT technical skills (information security solutions in detail, public key infrastructure (PKI), file encryption, programming, support, workstations, network, cloud solutions, etc.)
  • Experience in and knowledge of operating systems (e.g., Android, iOS, Linux, Windows, MVS, VMware), hardware and software platforms, and protocols as they relate to information technology
  • Knowledge of secure reference architectures, such as infrastructure, network, and application design
  • Ability to analyze business needs and requirements to plan system architecture
  • Knowledge of secure software development methodologies, tools, and practices
  • Hands-on experience with the implementation of security solutions
  • Knowledge of critical IT procurement requirements
  • Strong analytical and problem-solving skills, with high learning agility
  • Ability to work under pressure and cope with competing demands
  • Demonstrates critical thinking and applied conceptual thinking
  • Demonstrated ability to work in teams, with the ability to effectively prioritize work/delivery commitments to achieve timely and effective outcomes
  • Bachelor’s degree preferred in area(s) of study such as information technology, computer science, information systems, or related field, or high school diploma with relevant work experience