Security Risk Job Description

Security risk provides education to end users with regard to data security concepts, acceptable use and end user responsibility for protecting information assets.

Security Risk Duties & Responsibilities

To write an effective security risk job description, begin by listing detailed duties, responsibilities and expectations. We have included security risk job description templates that you can modify and use.

Sample responsibilities for this position include:

Assist in management of certain security tools such as firewall rules, proxy filter, vulnerability management or other security assessment tools
Develops and maintains vendor risk assessment methodologies, tools, techniques, and capabilities to assess the security posture and capabilities of Cotviti vendors
Manage the process for gathering enterprise risks (strategic/operational, financial and regulatory)
Provides analysis and classification of risks in terms of their frequency and potential impact to brands and company
Maintain the security risk register
Continually performs analysis of risk register entries to track changes in risk
Support continuous improvement of security risk management processes
Prepares risk reports for Remediation Director and Security Leadership analysis and decision-making
Maintain and help prioritize list of action items for Remediation Working Group
Work with brands on shorter term remediation activities

Security Risk Qualifications

Qualifications for a job description may include education, certification, and experience.

Licensing or Certifications for Security Risk

List any licenses or certifications required by the position: CISSP, CISM, CISA, CRISC, PMP, GSEC, PCI, CBCP, CPA, CPP

Education for Security Risk

Typically a job would require a certain level of education.

Employers hiring for the security risk job most commonly prefer that their future employee have a relevant degree, such as a Bachelor's and College Degree in Computer Science, Information Systems, Management, Information Security, Information Technology, Business, Engineering, Technology, International Relations, Law

Skills for Security Risk

Desired skills for security risk include:

Databases and operating systems
Information security fundamentals
Data security fundamentals and best practices with prior responsibilities of protecting information assets
NIST
Secure coding principles
COBIT
Security technologies
Best practices and industry standards with prior responsibilities of protecting information assets
Networks
Tools

Desired experience for security risk includes:

Solid understanding of the banking industry’s regulatory requirements for the managing of third parties ( , OCC, FFIEC). CRISC Certification preferred
Experience performing deep dive control reviews to identify process and control breaks
Strong written communication skills, to be able to effectively communicate the process, findings, and proposed recommendations for a security threat risk assessment in a formal written report
Have industry recognised certifications CRISC, CISSP, CISA
Define and monitor risk portfolio remediation action plans that describe how identified risks will be mitigated
5 years of experience working in financial services industry (Securities preferred)

Security Risk Examples

1

Security Risk Job Description

Job Description Example
Our company is searching for experienced candidates for the position of security risk. Please review the list of responsibilities and qualifications. While this is our ideal list, we will consider candidates that do not necessarily have all of the qualifications, but have sufficient experience and talent.
Responsibilities for security risk
  • Perform vendor reviews in accordance with widely accepted security standards (e.g., ISO 27002, NIST, Shared Assessments)
  • Communicate effectively (both written and verbal) with excellent organizational and multi-tasking skills
  • Lead and participate in cross Line of Business working groups and committees to review and approve proposed changes in application security related controls, controls assessments, etc.
  • Performs vendor onsite security reviews as required
  • Develops and maintains vendor security related contract language
  • Develops and maintains vendor security review schedule
  • Develops and maintains vendor security risk classification matrix
  • Assists in drafting and development of vendor security related policies, standards, guidelines, procedures, and requirements
  • Support the policy exception process, identify rationale, risks and compensating controls
  • Develop and maintain metrics for the policy exception process
Qualifications for security risk
  • Strong understanding of all Information Security Domains
  • A Bachelor’s degree or equivalent experience in Business, Finance, Information Systems, or related field and a minimum of eight years proven and progressive technical management experience
  • Sound understanding of businesses supported and security principles and policies
  • Knowledge of network, system, and application monitoring technologies
  • Exemplary networking and negotiation skills
  • Industry recognized security certification such as CISSP, CISM
2

Security Risk Job Description

Job Description Example
Our company is hiring for a security risk. We appreciate you taking the time to review the list of qualifications and to apply for the position. If you don’t fill all of the qualifications, you may still be considered depending on your level of experience.
Responsibilities for security risk
  • Identify areas where risk assessments need to be performed
  • Conduct risk assessments independently
  • Identify risks to the Organization's information
  • Work with project managers, application managers, IS site support, vendors and other technical staff to provide effective guidance about recommended mitigation strategies
  • Assist senior staff in security evaluations and assessments as needed
  • Identify risk levels and possible solutions to reduce them, including technology, policy or process change
  • Translate and summarize technical terminology as needed
  • Respond to periodic customer requests for security and compliance information
  • Work with stakeholders to understand their security and compliance needs
  • Communicate promptly and clearly with stakeholders regarding more complex security incidents, events and inquiries
Qualifications for security risk
  • Assure Supplier Data Security at all times
  • Minimum 10 years of information security, audit, risk management or related client service or consulting experience
  • Good interpersonal skills – ability to establish strong relationships with internal partners
  • A minimum of 3 years of demonstrated experience is required, 5+ is preferred
  • 1-3 years of relevant professional work experience is desired for this opportunity
  • Completed Bachelor's degree is required with coursework or professional experience relevant to IT, Security, Risk, Compliance, Identity Access Management, Intrusion and Detection
3

Security Risk Job Description

Job Description Example
Our company is searching for experienced candidates for the position of security risk. To join our growing team, please review the list of responsibilities and qualifications.
Responsibilities for security risk
  • Effectively question stakeholders, seek clarity and agreement, review conclusions and share documented decisions
  • Prepare presentations of both technical and non-technical scope
  • Coordinate and execute security compliance activities to determine if security controls are implemented appropriately in accordance with different information security related contractual and regulatory requirements (SSAE 16, Meaningful Use, HIPAA, PCI)
  • Communicate to and train stakeholders on contractual and regulatory control requirements, obligations, and timelines
  • Effectively track and report on progress
  • Develop and maintain documentation supporting compliance
  • Coordinate and assist with applicable remediation activities where necessary
  • Participate in security and privacy incident management and response, as necessary
  • Provide support in security architecture, design, developing, monitoring and supporting enterprise infrastructure environment
  • Conduct IT Risk and Security assessments and follow up mitigation items
Qualifications for security risk
  • Diploma, associate or college degree/courses in related field (Intelligence, International Relations/Law, IT, Criminal Justice, Political Science, Crisis Management)
  • Industry Certification required, CISSP, CISA, CISM or equivalent designation
  • Excellent communication skills (written and verbal), comfortable and experienced in presentation development and delivery
  • Ability to work under very tight deadlines
  • Degree majoring in Computer Science, IT or Electrical Engineering – M.Sc./civ.ing
  • Currently pursuing a Bachelor’s Degree or Master’s Degree in Computer Science, Engineering, Information Science or related area of study
4

Security Risk Job Description

Job Description Example
Our company is looking for a security risk. We appreciate you taking the time to review the list of qualifications and to apply for the position. If you don’t fill all of the qualifications, you may still be considered depending on your level of experience.
Responsibilities for security risk
  • Supporting the Regional Head in maintaining regional key relationships and in their role as Control Manager and Risk Advisor to the business and infrastructure units
  • Reviewing and challenging physical assets, building environment and people / workplace environment risk mitigation at 1st Line of Defence (LoD), engaging with 1st LoD management, Divisional Control Officers (DCOs) across businesses and infrastructure functions and regional / global Business Managers
  • Advising 1st LoD to develop and execute a risk-based mitigation strategy for their own processes for all of their outsourced processes to achieve continuous improvement by pro-actively adapting to the changing risk environment, business requirements and technical changes
  • Further developing and maintaining the SRM framework requirements, especially from its regional angle
  • Monitoring business and infrastructure adherence to Global SRM Policy and Standards
  • Designing and maintaining Management Information System (MIS) reporting
  • Deputising for the Regional Head of SRM in the bank’s applicable risk and governance forums and ensuring effective risk appetite reporting if required
  • Being prepared to manage any IRRM-related projects
  • Being prepared to assist in the Bank’s response during a crisis (Crisis Management)
  • Deputising for the Regional Head of SRM on matters related to SRM 2nd Line of Defence if required
Qualifications for security risk
  • Must be enrolled in school during time of internship
  • Typically, students currently between their Junior and Senior years or between their 1st and 2nd years of graduate school will be considered for internships
  • Basic knowledge of security and/or risk management concepts
  • Good understanding of Technology Risk and Information Security policies and standards
  • Knowledge and experience in implementing Operational Risk and Compliance frameworks
  • Developed knowledge in Regulatory Compliance obligations
5

Security Risk Job Description

Job Description Example
Our growing company is hiring for a security risk. Thank you in advance for taking a look at the list of responsibilities and qualifications. We look forward to reviewing your resume.
Responsibilities for security risk
  • Identify security issues and risks, and develop mitigation plans
  • Architect, design, implement, support, and evaluate security-focused tools and services including project leadership roles
  • Performing SRM’s 2nd LoD controls
  • Working with 1st LoD in assessing inherent and residual risk levels based on structured risk framework
  • Reviewing design and operating effectiveness of 1st LoD controls to validate that risks are mitigated to targeted levels
  • Validating risk mitigation and acceptance, control points, key risk indicators (KRIs), risk appetite breaches and escalation
  • Providing advisory guidance for the Risk Appetite framework and associated minimum control standards by assessing the effectiveness of the 1st LoD control environment through regular and scheduled reviews
  • Overseeing and challenging establishment and effectiveness of risk controls within 1st LoD and across other infrastructure and business units, in accordance with risk appetite
  • Interfacing with business, infrastructure and internal and external audit functions
  • Reviewing metrics and escalation reports to monitor risk and control-related developments, issues and trends
  • Providing monthly and quarterly risk reporting at relevant governance, steering, working group councils
Qualifications for security risk
  • BA/BS degree in a security or risk related field
  • Bachelor's degree in business, law, or criminal law OR comparable professional training
  • 10+ years of experience in a leadership role within an Anti-Fraud or Financial Crime function preferred, or in forensic accounting, internal audit, investigations or risk management
  • Knowledge of investigative methodology and case management experience, testifying, and managing investigations
  • Knowledge of criminal and civil subpoenas and the appropriate disposition of each
  • Current on all mortgage regulations with emphasis on Truth in Lending, RESPA, and ECOA
