Security Risk Job Description
Security Risk Duties & Responsibilities
To write an effective security risk job description, begin by listing detailed duties, responsibilities and expectations. We have included security risk job description templates that you can modify and use.
Sample responsibilities for this position include:
Security Risk Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Security Risk
List any licenses or certifications required by the position: CISSP, CISM, CISA, CRISC, PMP, GSEC, PCI, CBCP, CPA, CPP
Education for Security Risk
Typically a job would require a certain level of education.
Employers hiring for the security risk job most commonly would prefer for their future employee to have a relevant degree such as Bachelor's and College Degree in Computer Science, Information Systems, Management, Information Security, Information Technology, Business, Engineering, Technology, International Relations, Law
Skills for Security Risk
Desired skills for security risk include:
Desired experience for security risk includes:
Security Risk Examples
Security Risk Job Description
- Perform vendor reviews in accordance with widely accepted security standards (e.g., ISO 27002, NIST, Shared Assessments)
- Communicate effectively (both written and verbal) with excellent organizational and multi-tasking skills
- Lead and participate in cross Line of Business working groups and committees to review and approve proposed changes in application security related controls, control assessments, etc.
- Performs vendor onsite security reviews as required
- Develops and maintains vendor security related contract language
- Develops and maintains vendor security review schedule
- Develops and maintains vendor security risk classification matrix
- Assists in drafting and development of vendor security related policies, standards, guidelines, procedures, and requirements
- Support the policy exception process, identify rationale, risks and compensating controls
- Develop and maintain metrics for the policy exception process
- Strong understanding of all Information Security Domains
- A Bachelor’s degree or equivalent experience in Business, Finance, Information Systems, or related field and a minimum of eight years proven and progressive technical management experience
- Sound understanding of businesses supported and security principles and policies
- Knowledge of network, system, and application monitoring technologies
- Exemplary networking and negotiation skills
- Industry recognized security certification such as CISSP, CISM
Security Risk Job Description
- Identify areas where risk assessments need to be performed
- Conduct risk assessments independently
- Identify risks to Organization's information
- Work with project managers, application managers, IS site support, vendors and other technical staff to provide effective guidance about recommended mitigation strategies
- Assist senior staff in security evaluations and assessments as needed
- Identify risk levels and possible solutions to reduce them, including technology, policy or process change
- Translate and summarize technical terminology as needed
- Respond to periodic customer requests for security and compliance information
- Work with stakeholders to understand their security and compliance needs
- Communicate promptly and clearly with stakeholders regarding more complex security incidents, events and inquiries
- Assure Supplier Data Security at all times
- Minimum 10 years of information security, audit, risk management or related client service or consulting experience
- Good interpersonal skills – ability to establish strong relationships with internal partners
- A minimum of 3 years of demonstrated experience is required, 5+ is preferred
- 1-3 years of relevant professional work experience is desired for this opportunity
- Completed Bachelor's degree is required with coursework or professional experience relevant to IT, Security, Risk, Compliance, Identity Access Management, Intrusion Detection
Security Risk Job Description
- Effectively question stakeholders, seek clarity and agreement, review conclusions and share documented decisions
- Prepare presentations of both technical and non-technical scope
- Coordinate and execute security compliance activities to determine if security controls are implemented appropriately in accordance with different information security related contractual and regulatory requirements (SSAE 16, Meaningful Use, HIPAA, PCI)
- Communicate to and train stakeholders on contractual and regulatory control requirements, obligations, and timelines
- Effectively track and report on progress
- Develop and maintain documentation supporting compliance
- Coordinate and assist with applicable remediation activities where necessary
- Participate in security and privacy incident management and response, as necessary
- Provide support in security architecture, design, developing, monitoring and supporting enterprise infrastructure environment
- Conduct IT Risk and Security assessments and follow up mitigation items
- Diploma, associate or college degree/courses in related field (Intelligence, International Relations/Law, IT, Criminal Justice, Political Science, Crisis Management)
- Industry Certification required, CISSP, CISA, CISM or equivalent designation
- Excellent communication skills (written and verbal) comfortable and experienced in presentation development and delivery
- Ability to work under very tight deadlines
- Degree majoring in Computer Science, IT or Electrical Engineering – M.Sc./civ.ing
- Currently pursuing a Bachelor’s Degree or Master’s Degree in Computer Science, Engineering, Information Science or related area of study
Security Risk Job Description
- Supporting the Regional Head in maintaining regional key relationships and in their role as Control Manager and Risk Advisor to the business and infrastructure units
- Reviewing and challenging physical assets, building environment and people / workplace environment risk mitigation at 1st Line of Defence (LoD), engaging with 1st LoD management, Divisional Control Officers (DCOs) across businesses and infrastructure functions and regional / global Business Managers
- Advising 1st LoD to develop and execute a risk-based mitigation strategy for their own processes for all of their outsourced processes to achieve continuous improvement by pro-actively adapting to the changing risk environment, business requirements and technical changes
- Further developing and maintaining the SRM framework requirements, especially from its regional angle
- Monitoring business and infrastructure adherence to Global SRM Policy and Standards
- Designing and maintaining Management Information System (MIS) reporting
- Deputising for the Regional Head of SRM in the bank’s applicable risk and governance forums and ensuring effective risk appetite reporting if required
- Being prepared to manage any IRRM-related projects
- Being prepared to assist in the Bank’s response during a crisis (Crisis Management)
- Deputising for the Regional Head of SRM on matters related to SRM 2nd Line of Defence if required
- Must be enrolled in school during time of internship
- Typically, students currently between their Junior and Senior years or between their 1st and 2nd years of graduate school will be considered for internships
- Basic knowledge of security and/or risk management concepts
- Good understanding of Technology Risk and Information Security policies and standards
- Knowledge and experience in implementing Operational Risk and Compliance frameworks
- Developed knowledge in Regulatory Compliance obligations
Security Risk Job Description
- Identify security issues and risks, and develop mitigation plans
- Architect, design, implement, support, and evaluate security-focused tools and services, including project leadership roles
- Performing SRM’s 2nd LoD controls
- Working with 1st LoD in assessing inherent and residual risk levels based on structured risk framework
- Reviewing design and operating effectiveness of 1st LoD controls to validate that risks are mitigated to targeted levels
- Validating risk mitigation and acceptance, control points, key risk indicators (KRIs), risk appetite breaches and escalation
- Providing advisory guidance for the Risk Appetite framework and associated minimum control standards by assessing the effectiveness of the 1st LoD control environment through regular and scheduled reviews
- Overseeing and challenging establishment and effectiveness of risk controls within 1st LoD and across other infrastructure and business units, in accordance with risk appetite
- Interfacing with business, infrastructure and internal and external audit functions
- Reviewing metrics and escalation reports to monitor risk and control-related developments, issues and trends
- Providing monthly and quarterly risk reporting at relevant governance, steering, working group councils
- BA/BS degree in a security or risk related field
- Bachelor's degree in business, law, or criminal law OR comparable professional training
- 10+ years of experience in a leadership role within an Anti-Fraud or Financial Crime function preferred, or in forensic accounting, internal audit, investigations or risk management
- Knowledge of investigative methodology and case management experience, testifying, and managing investigations
- Knowledge of criminal and civil subpoenas and the appropriate disposition of each
- Current on all mortgage regulations with emphasis on Truth in Lending, RESPA, and ECOA