Information Security Risk Manager Job Description
Information security risk manager
provides web and cloud security guidelines and solutions to Development teams on authentication, authorization, session management, data protection (encryption)/key management, etc.
Information Security Risk Manager Duties & Responsibilities
To write an effective information security risk manager job description, begin by listing detailed duties, responsibilities and expectations. We have included information security risk manager job description templates that you can modify and use.
Sample responsibilities for this position include:
Review and monitor the Organizational security compliance against the ISO 27001 standard
Provide key inputs and collaboration with various risk/compliance departments (i.e., Quality Management, Data Integrity, Ethics & Compliance, Cyber Security, Privacy/Legal, Records Management)
Provide subject matter expertise to Contract Managers, Business Unit Managers, and third party relationship Managers to ensure third party risk management program is in compliance with applicable regulations or policies
Responsible for confidentiality of client information and compliance with department standards and procedures
Help develop, maintain and publish up-to-date information security policies, standards and guidelines
Provide regular reporting on the current status of the information security program
Monitor the external threat environment for emerging threats
Develop and oversee effective disaster recovery policies and standards to align with enterprise business continuity management program goals
Coordinate with the agency Information Security Manager
Serve as a main point of contact for the Synchrony Financial Operational Risk team interacting with Information Security within the IT function
Information Security Risk Manager Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Information Security Risk Manager
List any licenses or certifications required by the position: CISSP, CISM, CISA, CRISC, ISO, II, IAM, ITIL, SANS, CBSS
Education for Information Security Risk Manager
Typically a job would require a certain level of education.
Employers hiring for the information security risk manager job most commonly would prefer for their future employee to have a relevant degree such as Bachelor's and Master's Degree in Computer Science, Information Security, Information Systems, Engineering, Business, Education, Information Technology, Management, Technology, Technical
Skills for Information Security Risk Manager
Desired skills for information security risk manager include:
ISO
System and network security
Authentication
Security protocols
Authentication and authorization methodologies
Commercial
Compliance
DevSecOps
Encryption
FedRAMP
Desired experience for information security risk manager includes:
Responsible for independent Risk Oversight of Information Security
Provide guidance and independent effective challenge during functional risk assessments to ensure thorough critical thinking in assessing risks and aligning them with broader Operational and Enterprise Risk assessments
Ensure that the Synchrony Financial Information Security area develops and maintains reporting of Key Risk Indicator metrics that provide early warning indicators of impending risks
Execute a disciplined Issues Management process by ensuring that operational risk issues are reported, escalated if necessary and action plans executed according to Synchrony Financial procedures
Bachelor’s degree and 5 years of experience in information security or in lieu of a degree 9 years of experience in information security
Cyber-attack tools and defenses (e.g., man in the middle, phishing , pharming, social engineering, denial of service, data manipulating, session hijacking, hacktivisim)
Information Security Risk Manager Examples
1
Information Security Risk Manager Job Description
Job Description Example
Our growing company is hiring for an information security risk manager. To join our growing team, please review the list of responsibilities and qualifications.
Responsibilities for information security risk manager
- Supervise and manage the performance of IT Compliance Risk Analyst(s)
- Respond to audit findings, define and track remediation projects, and ensure ongoing compliance with required regulatory standards
- Support periodic risk assessments and identify strategic opportunities to adopt industry-leading security and compliance standards
- Regularly liaise with business development, client solutions, and engineering/development teams to ensure compliance requirements are adhered to in product development and support
- Service Organizational Control compliance and reporting knowledge highly desirable
- Manage and conduct Users Access Certifications with managers and data owners using SailPoint Identity IQ • Report results from standard, regulatory, and ad-hoc risk assessments to Information Security management, business owners, and Information System sponsors
- Manage a team of Information Security professionals in delivering key assignments IT Forensic & E-Discovery assignments
- Lead, manage and develop client relationships, ensuring client service levels are maintained
- Draft reports and other formal outputs and ensure quality of such deliverables
- Build and contribute to the reputation of the group within the Irish market
Qualifications for information security risk manager
- A strong understanding of network infrastructure such as VPNs, firewalls, switches, routers, LANs, Intrusion Detection, vulnerability scanning
- Experience with agile project management and process improvement methodologies
- Strong track record in information security risk management
- Solid eGRC tool management experience
- Track record of successful liaison with Audit/Legal and Enterprise Risk Management (ERM) functions
- Skilled at preparing risk readouts and reporting for all levels of the company – from operational risk remediation efforts through to Executive and Board level presentation materials
2
Information Security Risk Manager Job Description
Job Description Example
Our company is searching for experienced candidates for the position of information security risk manager. Thank you in advance for taking a look at the list of responsibilities and qualifications. We look forward to reviewing your resume.
Responsibilities for information security risk manager
- Manages department staff including hiring, evaluating performance and competency conducting disciplinary and counseling sessions as needed
- Act as primary contact with internal and external auditors during the execution of the global IT Sarbanes-Oxley Act control assessment
- Operate as a key Company contact to advise on questions related to risk, vulnerabilities and other similar changes to the Company’s infrastructure and application environments
- Oversee a program for Cloud Governance and third-party applications that will enable proactive management of associated risks
- Stay up to speed on new initiatives, projects and changes and understand the impact to the Company’s security posture
- Oversee an Access Management program that engages various process owners across departments to proactively manage risk
- Manage and maintain the integrity of the Company’s security designs within key financial systems and the environments supporting those systems
- Aid in development of security awareness training and awareness initiatives for both business and IT departments
- Collaborate on critical IT projects to ensure that access and security issues are addressed throughout a project’s life cycle
- Oversee Controls Readiness Assessment program that engages various process owners across departments to proactively identify control gaps
Qualifications for information security risk manager
- Experience in developing and documenting policies & procedures, including workflow process improvements
- The successful Information Security Risk Manager must have expert and extensive Information Security Risk and Operational Risk knowledge to face off appropriately to the different risk managers in the Group and also external parties
- Strong knowledge of information management concepts and practices
- Work in a collaborative team analysing client issues and interviewing key personnel
- Assist with the development of recommendations and presentations for client engagements participate in the elaboration of project strategies and work processes
- Identify issues and define symptoms
3
Information Security Risk Manager Job Description
Job Description Example
Our innovative and growing company is searching for experienced candidates for the position of information security risk manager. Please review the list of responsibilities and qualifications. While this is our ideal list, we will consider candidates that do not necessarily have all of the qualifications, but have sufficient experience and talent.
Responsibilities for information security risk manager
- Support the development of business unit scorecards to report compliance and risk metrics to drive change
- Tracking and reporting on key information security priorities such as compliance of applications to the information security policy, patching of applications and critical supporting infrastructure, and vulnerability management
- Conduct risk reviews of business and technology initiated projects helping to drive adoption of application and infrastructure security control and best practises
- Conduct risk reviews of 3rd party systems and applications to assess the standard and proprietary application security controls used by the application
- Investigate, coordinate and address information security incidents
- Drive China participation in global and regional Information Security programs and activities including
- Manages the security awareness program, ensuring that all employees and contractors understand the bank’s information security program and policies
- Report on the health of the IT SOX program through coordinating the annual SOX certification, generating quarterly metrics, identifying trends in gaps, and implementing tools to perform these activities
- Maintain and implement the processes for the enterprise IT audit calendar and IT audit issue tracker, including implementing any tools to support these activities
- Maintain the SOX application inventory, including annual verification, quarterly reconciliation, approvals of inventory flag changes in CMDB, and coordination of position paper submissions
Qualifications for information security risk manager
- Knowledge of operating systems (UNIX/Linux, Windows), of database management systems (Oracle, SQL Server, Sybase, ) or telecommunications (router, hub, firewall)
- Possesses or has the intention to complete the training leading to the acquisition of the CISSP designation
- Maintain excellent interpersonal relations and demonstrate an ability to work effectively as part of a team
- Show large amount of autonomy
- Possess a great sense of client service and exceed clients' expectations while remaining committed to the firm's objectives and vision
- Systematically analyse and identify problems in order to determine the causes and propose solutions
4
Information Security Risk Manager Job Description
Job Description Example
Our growing company is looking to fill the role of information security risk manager. Thank you in advance for taking a look at the list of responsibilities and qualifications. We look forward to reviewing your resume.
Responsibilities for information security risk manager
- Provide guidance on information security processes, controls, and compliance, and information security risk management to team members
- Provide Subject Matter expertise and training to IT and ISRM individuals on SOX requirements and testing
- Coordinate the SOX pre-certification call with CIA/PwC, ensure completeness and accuracy of the SOX certificate for IT Shared Services (MRC 9975) and coordinate signature of the Annual and Executive certificates by IT Shared Services senior management
- Identify and implement continuous process improvement of the IT SOX PMO
- Design, deliver, and manage the security risk management portfolio
- Establish and maintain relationships with key partners in the security, risk, legal, privacy, finance, and enterprise planning groups
- Drive consistency and clarity in risk management data models, analysis, and operating procedures
- Engage stakeholders and partners to drive key remediation and mitigation efforts
- Provide real-time and periodic views into data and models that give business decision-makers the security risk insights they need
- Participate in the continuous evolution of security within a team of highly skilled and passionate professionals
Qualifications for information security risk manager
- Experienced IT Manager or Corporate Information/IT Security Officer with broad and in-depth technical, analytical, and conceptual skills mature risk management and governance experience
- Proven experience to initiate and manage projects that will affect NIBR the corporate environment
- A credible track record of improving the productivity of delivery
- Strong VB development experience
- Subject Matter Expertise in the Information Security space, incorporating technical, process and operational elements
- Knowledge of state and federal guidelines on privacy, transactions and security
5
Information Security Risk Manager Job Description
Job Description Example
Our innovative and growing company is looking for an information security risk manager. Please review the list of responsibilities and qualifications. While this is our ideal list, we will consider candidates that do not necessarily have all of the qualifications, but have sufficient experience and talent.
Responsibilities for information security risk manager
- Lead security risk assessments to ensure compliance with regulatory mandates, corporate security policies and adherence to best practices
- Familiarity with control and security techniques involving password and access management, segregation of duties, logging and monitoring, data encryption, data backup and recovery, disaster recovery, business continuity management, …
- Develop KPI and KRI to manage team performance and key risk that can impact organizational compliance and regulatory requirements
- Act as a liaison to the business and IT groups and assists them in the implementation of data privacy, compliance requirements, and information security technologies and applications security
- ISRM relationship management with Reuters, EBS and Business Enabling Functions
- To build effective relationships and communications with cross functional teams including key stakeholder groups
- Manage issues, track remediation and register risks in partnership with the business units and ISRM
- Governance of penetration testing, application assurance, application certification and awareness programs with the business to address security vulnerabilities identified in applications and infrastructure
- Collaborate with the security architects to discuss potential solutions supporting the business strategy
- Drives service level agreements as needed with stakeholder groups
Qualifications for information security risk manager
- Ability to prioritize tasks for self and team to meet requirements and deadlines
- Strong knowledge and understanding of risk and control assessment methodologies
- Experience with developing, documenting and maintaining security policies, processes, procedures and standards required
- Should be able to work as a team player
- CISM/CRISC Certified
- Minimum of 3+ years of experience in Information Security with a proven track record of success with implementing technology projects and processes (experience can be concurrent)