Information Security Risk Job Description
Information security risk
provides up-to-date technical expertise in areas such as computer viruses, intrusion detection systems, encryption systems, firewalls, etc.
Information Security Risk Duties & Responsibilities
To write an effective information security risk job description, begin by listing detailed duties, responsibilities and expectations. We have included information security risk job description templates that you can modify and use.
Sample responsibilities for this position include:
Establishes credibility and maintains strong working relationships with groups involved with information security and compliance matters (Information Security, Legal, Privacy, Internal Audit, Fraud, Physical Security and Software Development Community )
Direct operational security functions responsible for firewalls, IDS/IPS, VPNs, malware and APT protection, and reporting
Review applications, systems, tools, and infrastructure for risk identification, assessment, evaluation, control monitoring and testing
Demonstrates proven expertise and success with implementing security architecture and strategies
Demonstrates proven expertise and success in a role leading and collaborating directly with senior management, delivery, practice development and thought leadership related to Information Security solution development, assessment and implementation
Provide governance of operational risk management activities
Monitor and analyze risks within NIBR and report on these risks to the Head of NIBR Information Security & Risk Management and NIBR Informatics Senior Leadership Team (SLT)
Providing project management expertise for complex, technical, and strategic business initiatives, regulatory requirements and actions
Working with stakeholders to identify, assess and treat information risks
Monitor and follow-up on the status of audit recommendations
Information Security Risk Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Information Security Risk
List any licenses or certifications required by the position: CISSP, CISM, CISA, CRISC, IAT, SANS, SSCP, II, IAM, III
Education for Information Security Risk
Typically a job would require a certain level of education.
Employers hiring for the information security risk job most commonly would prefer for their future employee to have a relevant degree such as Bachelor's and Master's Degree in Computer Science, Information Security, Information Systems, Education, Information Technology, Business, Engineering, Management, Technical, Management Information Systems
Skills for Information Security Risk
Desired skills for information security risk include:
Encryption
Firewalls
Networks
RSA Archer tool
Databases
Intrusion detection systems
Active Directory
Software
DHCP
DNS
Desired experience for information security risk includes:
Co-ordinate and track penetration tests on applications and infrastructure
Work closely with a third party team who conducts penetration tests on all internet facing applications within the organization
Produce high quality risk reports, clearly articulating risks and providing practical recommendations to senior management
Weigh business needs against security concerns and recommend necessary changes to enhance information systems security
Leverage Information Security Consulting skills and experience to conduct formal Threat Risk Assessments (TRA) on applications and formal information security assessments on 3rd party suppliers
Occasionally work outside of normal office hours and carry a pager
Information Security Risk Examples
1
Information Security Risk Job Description
Job Description Example
Our company is searching for experienced candidates for the position of information security risk. Thank you in advance for taking a look at the list of responsibilities and qualifications. We look forward to reviewing your resume.
Responsibilities for information security risk
- Update the senior account management regularly on security matters that affect the Account’s business
- Coordinate the Account security audit inspections within the region and in coordination with the Global Security Program Manager
- Lead investigations in the eventuality of serious security incidents within the region
- Drive the Security Operations Improvement plan
- Risk Assessment, Risk Management and Risk Mitigation
- Vulnerability Assessment and Penetration Testing
- Management of Security Services like Firewall, IDS/IPS, Forward and Reverse Proxys, Security Event Logging and Management, URL Filtering, Email Security etc
- Provide Specialist Consultation and Advise for Firewall, IDS/IPS, Forward and Reverse Proxys, Security Event Logging and Management, URL Filtering, Email Security, New Security Product Evaluation
- Engage with business leaders & corporate functions such as legal, HR, IT
- Lead Architecture development and Vendor Selection for security systems
Qualifications for information security risk
- Experience in technology (operational) risk management principles and assisting (through risk assessments) technology and business groups in implementing solutions that supports business activities, while managing the associated risks
- Demonstrable experience in defining and driving strategy communicating and influencing senior management in both technology and business (user) communities
- Strong program and project management skills and technology expertise required
- Ability to work effectively as part of the regional and global Technology Risk team, serving a large diverse technology and business community
- Must be able to manage both time and work load of multiple tasks without constant supervision as part of a distributed team
- Experience in business continuity as a risk management program, technology controls or technology audit fields
2
Information Security Risk Job Description
Job Description Example
Our innovative and growing company is looking to fill the role of information security risk. To join our growing team, please review the list of responsibilities and qualifications.
Responsibilities for information security risk
- Institute a robust security awareness program
- Maintain the Disaster Recovery Program to ensure systems are appropriately protected and testing, training and exercises take place
- Develop IT Risk Management program inclusive of education, procedures, risk register maintenance, action plans and management reporting to ensure projects and activities are being performed in accordance with company’s risk appetite
- Maintain and enhance the Vulnerability Management Program to provide appropriate protections for various system types including business tools, lab equipment and manufacturing systems
- Lead internal Information Security audit and assessment activities and coordinate remediation efforts
- Member of the Information Technology leadership team, providing technical knowledge and managerial expertise, assisting with the development of specific goal for the optimum use and management of IT resources
- Proactively research and stay up to date on latest access security issues
- Form and maintain relationships globally to understand changes within countries, markets and globally
- Manage oversight of control and process owners globally to ensure requirements are met and security policies are adhered to
- External email monitoring via Vontu to identify any unauthorized information sent externally
Qualifications for information security risk
- Must be able to see the customer perspective, from a business point of view, the most secure solution is not always workable or realistic considering costs and benefits
- Network or system administration experience
- 10 or more years of technology experience, either in technology infrastructure or application development
- Strong application or infrastructure information security knowledge including but not limited to secure coding practices, secure infrastructure configuration & design, security vulnerabilities
- Strong understanding of the regulatory requirements around business continuity and/or technology control across the Asia markets is a significant plus
- Business continuity knowledge in developing or maintaining business continuity plans, technology resiliency (disaster recovery), business recovery sites development and testing, and technology crisis management a plus
3
Information Security Risk Job Description
Job Description Example
Our company is growing rapidly and is hiring for an information security risk. Please review the list of responsibilities and qualifications. While this is our ideal list, we will consider candidates that do not necessarily have all of the qualifications, but have sufficient experience and talent.
Responsibilities for information security risk
- Initiate Root Cause Analysis for the incidents, provide Risk Ratings for the incidents after evaluation and assess Risk Mitigation action plans
- Reviewing potential excess or conflicting entitlements held by Operational personnel and remediating the conflict
- Initiate/Monitor Periodic Reviews of the user entitlements to recertify from functional managers
- Monitor Transfers and assist reviewers to complete the reviews in timely manner
- Preparing Reporting metrics and assist in presenting the management in an effective way
- Business Unit Information Security Officer (BUISO) – Exception Management
- Review and Evaluate Privileged access requested by users
- Periodic reviews of exceptional access to get recertified from Functional owners
- Provide security assistance on all assigned IT projects
- Coordinate/Manage small- medium user access related projects (e.g., larger attestation review cleanups, special provisioning projects, ..)
Qualifications for information security risk
- Reassess the operational risks associated with the role and inherent in the business, taking account of changing economic or market conditions, legal and regulatory requirements, operating procedures and practices, management restructurings, and the impact of new technology
- Understands their own shortfalls and knowledge gaps
- Knowledge of Information Security Standards such as NIST SP800, ISO-270001/2 and BITS SiG
- Security certifications desired such as CISA, CISSP, CISM, CRISC, ISO 27001 LA etc
- Proven experience to initiate and manage projects that will affect the NIBR division, departments and functions, the corporate environment
- Bachelor's degree or an equivalent combination of education and experience as required for specific job level.
4
Information Security Risk Job Description
Job Description Example
Our innovative and growing company is searching for experienced candidates for the position of information security risk. Thank you in advance for taking a look at the list of responsibilities and qualifications. We look forward to reviewing your resume.
Responsibilities for information security risk
- Review proposed solutions to ensure that they are compliant with HIPAA/HITECH regulations
- Communicate and work proactively and professionally with internal and external auditors other groups responsible for ensuring that an organization is properly protecting the hospital data and patient medical records
- Utilize knowledge of business security practices and procedures
- Provide documentation and communication to peers, subordinates, and senior management for status, coordination, objectives, and performance
- Responsible for system documentation and coordinating the dissemination of it to stakeholders
- Manage vendor relationships and work
- Mitigate escalations of client incidents and issues
- Remains abreast on and evaluates the need for new technologies
- Payment Card Industry (PCI) management
- Information Security Policy & Standards Development
Qualifications for information security risk
- Broad European security compliance and standards experience and throughout knowledge
- Typically requires a up to 5 years of experience in the IT risk discipline, information security or at a public company in a related field
- Minimum of 1-3 years in an IT audit or security compliance role performing IT, SOC2, PCI, and/or HIPAA audits
- Bachelor’s degree in a IT, business, or related business field required
- At least 7 years of experience in a business management role in the pharmaceutical industry preferred
- Experience in the Defense industry preferred
5
Information Security Risk Job Description
Job Description Example
Our company is looking for an information security risk. Please review the list of responsibilities and qualifications. While this is our ideal list, we will consider candidates that do not necessarily have all of the qualifications, but have sufficient experience and talent.
Responsibilities for information security risk
- Identify and negotiate mitigation strategies with stakeholders
- Assist with remediation management, including managing the risk register and remediation reporting
- Manage multiple cross-functional teams and projects concurrently with dynamic timelines
- Design and implement security for operating systems, web applications, database, and applications
- Manage firewall rulesets
- Conduct risk assessments, including those for new acquisitions
- Provide technical audits and investigation of potential security breaches
- Upon the introduction of new application, network, or hardware solutions to the SSFHS IS environment, executes a risk assessment of the solution to insure the continuity of system security
- Key contributor to our corporate risk assessment, risk management and vendor management programs
- Conduct comprehensive analysis of risk scenarios and inform key stakeholders of findings on an ongoing basis
Qualifications for information security risk
- Industry recognized certifications in the information security and risk management fields
- Visionary leader with strong business acumen and a detailed working knowledge of information security technologies, practices, policies, and their application
- A clear commercial focus that is visible through value based management
- A well respected team player with proven ability to contribute in a number of areas
- A passion for quality and value in all that is delivered
- In-depth understanding of strategic business risks