Responsibilities:
Work with project teams to provide Privacy Impact Assessments
Conduct IT Risk Assessments on External Vendor's system architecture and design to ensure the security requirements meets maturity levels
Review third party RFP responses with security architects, and evaluate SSAE16 SOC Type 2 reports and similar reports to identify key areas concerning security, risk and compliance
Conduct training to project services resources on risk, security assessment process, and data privacy assessment process
Assist with internal and external audits and assessments
Assist with the development of programs to ensure compliance to regulatory requirements
Perform other IT related assessments as assigned
Maintenance of Standards & Policies
Contribute to the maintenance of IT Policies - Clean Desk Policy, AD Password Policy
Create work instructions for evaluating requests against Standards & Policies
Evaluate requests and applies the IT exception processes to these requests
Clearly document and define risks and potential impacts and identify systems affected by the defined risk
Communication of IT Risk Services policies and standards
Maintain and contribute to SharePoint sites regarding IT Risk content
Create and/or coordinate training sessions as required
Monitoring IT Risk Services mailbox and respond to requests and customer inquiries
Answer and respond to ServiceNow help-line tickets - Administrative Rights, Removal and System identification, Ensure Software Compliance, Wireless Access Control, Email and Distribution list request, Vendor Network Access, Browser Exceptions
Log and follow up on customer issues
Interact with other teams: Global Information Security, Global Security, Cyber Security, and IT Teams as required
Disaster Recovery
Track and assist with the completion and updating of Component Recovery Plans
Communicate recommended business continuity preparations and controls, including deficiencies, to business units
Approve restoration of Backup Data to DR sites
Participate with internal audits and testing of Component and Disaster Recovery Plans
Monitoring & Reporting
Provide summary and status reports regarding assessments and project status
Summary reports exception requests and status
Awareness of all risk-centric tools within the environment
CONDITIONS OF WORK: (Note any travel requirements or physical demands required. Also note if employee will be exposed to any hazardous conditions.)
On call rotation may be required
Occasional after hours and weekend work required
Occasional travel between the business sites may be required
Qualifications:
Bachelor's degree preferred, with 3-5 years' information risk management experience preferred and/or advanced degree in related field
Educational, Licenses and Certificates.
CISSP certification or SANS certificates or certification preferred
3 + years' experience working with project teams
Understands risk and security processes and uses the knowledge to respond to customer inquiries
Strong technical writing and oral communication skills
Customer Focus
Experience interacting with internal customers and vendors
Organizational sensitivity with the ability to deliver a tough message to associates at all levels
Possess a professional attitude and work ethic in addition to being well organized and efficient
Strong computer skills, including operating systems and software with SharePoint experience a plus
Ability to instill trust; high standards of integrity
Flexibility and adaptability - adapts to changing priorities
Self-starter - demonstrates personal initiative; high personal work standards
Decisive evaluation of risk for applications and infrastructure required
Requires reading of white papers, briefs, and attending seminars and training to maintain current in technology and IT risk issues and concerns