Information Security Risk Job Description
Information Security Risk Duties & Responsibilities
To write an effective information security risk job description, begin by listing detailed duties, responsibilities and expectations. We have included information security risk job description templates that you can modify and use.
Information Security Risk Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Information Security Risk
List any licenses or certifications required by the position: CISSP, CISM, CISA, CRISC, SSCP, SANS, IAT II, IAM III
Education for Information Security Risk
Typically a job would require a certain level of education.
Employers hiring for the information security risk job most commonly prefer candidates to have a relevant degree, such as a Bachelor's or Master's degree in Computer Science, Information Security, Information Systems, Education, Information Technology, Business, Engineering, Management, Technical, or Management Information Systems
Skills for Information Security Risk
Information Security Risk Examples
Information Security Risk Job Description
- Update the senior account management regularly on security matters that affect the Account’s business
- Coordinate the Account security audit inspections within the region and in coordination with the Global Security Program Manager
- Lead investigations in the eventuality of serious security incidents within the region
- Drive the Security Operations Improvement plan
- Risk Assessment, Risk Management and Risk Mitigation
- Vulnerability Assessment and Penetration Testing
- Management of security services such as firewalls, IDS/IPS, forward and reverse proxies, security event logging and management, URL filtering, and email security
- Provide specialist consultation and advice on firewalls, IDS/IPS, forward and reverse proxies, security event logging and management, URL filtering, email security, and new security product evaluation
- Engage with business leaders & corporate functions such as legal, HR, IT
- Lead Architecture development and Vendor Selection for security systems
- Experience in technology (operational) risk management principles and in assisting technology and business groups, through risk assessments, to implement solutions that support business activities while managing the associated risks
- Demonstrable experience in defining and driving strategy, and in communicating with and influencing senior management in both the technology and business (user) communities
- Strong program and project management skills and technology expertise required
- Ability to work effectively as part of the regional and global Technology Risk team, serving a large diverse technology and business community
- Must be able to manage both time and work load of multiple tasks without constant supervision as part of a distributed team
- Experience in business continuity as a risk management program, technology controls or technology audit fields
Information Security Risk Job Description
- Institute a robust security awareness program
- Maintain the Disaster Recovery Program to ensure systems are appropriately protected and testing, training and exercises take place
- Develop IT Risk Management program inclusive of education, procedures, risk register maintenance, action plans and management reporting to ensure projects and activities are being performed in accordance with company’s risk appetite
- Maintain and enhance the Vulnerability Management Program to provide appropriate protections for various system types including business tools, lab equipment and manufacturing systems
- Lead internal Information Security audit and assessment activities and coordinate remediation efforts
- Member of the Information Technology leadership team, providing technical knowledge and managerial expertise and assisting with the development of specific goals for the optimum use and management of IT resources
- Proactively research and stay up to date on latest access security issues
- Form and maintain relationships globally to understand changes within countries, markets and globally
- Manage oversight of control and process owners globally to ensure requirements are met and security policies are adhered to
- External email monitoring via Vontu to identify any unauthorized information sent externally
- Must be able to see the customer perspective: from a business point of view, the most secure solution is not always workable or realistic once costs and benefits are considered
- Network or system administration experience
- 10 or more years of technology experience, either in technology infrastructure or application development
- Strong application or infrastructure information security knowledge including but not limited to secure coding practices, secure infrastructure configuration & design, security vulnerabilities
- Strong understanding of the regulatory requirements around business continuity and/or technology control across the Asia markets is a significant plus
- Business continuity knowledge in developing or maintaining business continuity plans, technology resiliency (disaster recovery), business recovery sites development and testing, and technology crisis management a plus
Information Security Risk Job Description
- Initiate Root Cause Analysis for the incidents, provide Risk Ratings for the incidents after evaluation and assess Risk Mitigation action plans
- Review potentially excessive or conflicting entitlements held by operational personnel and remediate the conflict
- Initiate and monitor periodic reviews of user entitlements for recertification by functional managers
- Monitor transfers and assist reviewers in completing the reviews in a timely manner
- Prepare reporting metrics and assist in presenting them to management effectively
- Business Unit Information Security Officer (BUISO) – Exception Management
- Review and Evaluate Privileged access requested by users
- Periodic reviews of exceptional access for recertification by functional owners
- Provide security assistance on all assigned IT projects
- Coordinate/manage small to medium user access related projects (e.g., larger attestation review cleanups, special provisioning projects, …)
- Reassess the operational risks associated with the role and inherent in the business, taking account of changing economic or market conditions, legal and regulatory requirements, operating procedures and practices, management restructurings, and the impact of new technology
- Understands their own shortfalls and knowledge gaps
- Knowledge of information security standards such as NIST SP 800 series, ISO 27001/27002 and the BITS Shared Assessments SIG
- Security certifications desired, such as CISA, CISSP, CISM, CRISC, ISO 27001 Lead Auditor, etc.
- Proven experience to initiate and manage projects that will affect the NIBR division, departments and functions, the corporate environment
- Bachelor's degree or an equivalent combination of education and experience as required for specific job level.
Information Security Risk Job Description
- Review proposed solutions to ensure that they are compliant with HIPAA/HITECH regulations
- Communicate and work proactively and professionally with internal and external auditors and other groups responsible for ensuring that the organization properly protects hospital data and patient medical records
- Utilize knowledge of business security practices and procedures
- Provide documentation and communication to peers, subordinates, and senior management for status, coordination, objectives, and performance
- Responsible for system documentation and coordinating the dissemination of it to stakeholders
- Manage vendor relationships and work
- Mitigate escalations of client incidents and issues
- Remain abreast of new technologies and evaluate the need for them
- Payment Card Industry (PCI) management
- Information Security Policy & Standards Development
- Broad European security compliance and standards experience and thorough knowledge
- Typically requires up to 5 years of experience in the IT risk discipline, information security, or a related field at a public company
- Minimum of 1-3 years in an IT audit or security compliance role performing IT, SOC 2, PCI, and/or HIPAA audits
- Bachelor's degree in an IT, business, or related field required
- At least 7 years of experience in a business management role in the pharmaceutical industry preferred
- Experience in the Defense industry preferred
Information Security Risk Job Description
- Identify and negotiate mitigation strategies with stakeholders
- Assist with remediation management, including managing the risk register and remediation reporting
- Manage multiple cross-functional teams and projects concurrently with dynamic timelines
- Design and implement security for operating systems, web applications, databases, and applications
- Manage firewall rulesets
- Conduct risk assessments, including those for new acquisitions
- Provide technical audits and investigations of potential security breaches
- Upon the introduction of new application, network, or hardware solutions to the SSFHS IS environment, execute a risk assessment of the solution to ensure the continuity of system security
- Key contributor to our corporate risk assessment, risk management and vendor management programs
- Conduct comprehensive analysis of risk scenarios and inform key stakeholders of findings on an ongoing basis
- Industry recognized certifications in the information security and risk management fields
- Visionary leader with strong business acumen and a detailed working knowledge of information security technologies, practices, policies, and their application
- A clear commercial focus that is visible through value based management
- A well respected team player with proven ability to contribute in a number of areas
- A passion for quality and value in all that is delivered
- In-depth understanding of strategic business risks