IT Security Risk Job Description
IT Security Risk Duties & Responsibilities
To write an effective IT security risk job description, begin by listing detailed duties, responsibilities and expectations. We have included IT security risk job description templates that you can modify and use.
Sample responsibilities for this position include:
IT Security Risk Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for IT Security Risk
List any licenses or certifications required by the position: CISSP, CISA, CISM, ISO27001, CRISC, PCI, ISACA, SANS, NIST, QSA
Education for IT Security Risk
Typically a job would require a certain level of education.
Employers hiring for the IT security risk job most commonly prefer their future employee to have a relevant degree, such as Bachelor's and Master's Degree in Computer Science, Information Systems, Engineering, Information Technology, Business, Education, Information Security, Technical, Management, Technology.
Skills for IT Security Risk
Desired skills for IT security risk include:
Desired experience for IT security risk includes:
IT Security Risk Examples
IT Security Risk Job Description
- Be involved in bank’s global IT projects to ensure that new systems and solutions meet bank’s security requirements
- Ensure that IT risk assessment methodology and processes are followed precisely, to the expected quality
- Provide support to stakeholders in understanding business impact of identified IT risks and defining adequate mitigation actions
- Perform risk assessments, which involve identifying, describing and estimating the risks affecting the business
- Lead assessments of current security technology and authentication systems and evaluate against HIPAA, Federal and State Information Protection and Privacy regulations, CHI Information Security Policies, and other relevant regulations pertaining to the protection of Enterprise information assets with respect to information security
- Proactively secure and audit network security environment and provide actionable information pertaining to risk discovery and remediation technologies, techniques, and processes
- Lead the assessment and review of new and existing technology infrastructure to identify key risk areas, ensure adequate levels of control are in place to address those risks, and develop risk mitigation techniques and processes to ensure that all reviews are actionable by the system manager and the operations staff
- Develop and lead activities supporting the IT Risk Management process such as data classification and security controls maintenance
- Point of contact for GTI covering IT Risk CoG’s requirements
- Point of contact to IT Risk CoG relating to programs and IT Risk CoG requirements
- Experience in technology auditing and working with senior management is an advantage
- Has good initiative and is able to work independently with minimum supervision
- Proven relationship management experience developing, influencing and growing trust-based relationships with line of business leaders, senior management, legal counsel, internal audit, and local regulators
- Recognized subject matter expert in the technical, regulatory, and cultural aspects of information security to articulate the risks and mitigation strategies to business execs
- Constructing, monitoring and auditing programs, and managing internal risk assessments and/or investigations
- Advanced skills and established experience in IT security and risk management (understanding risk assessment, legal and regulatory requirements, threats, vulnerabilities, security policies)
IT Security Risk Job Description
- Responsible for maintaining processes and procedures that define the vulnerability management program
- Develop security standards and work with IT infrastructure teams to implement them for Network devices, OS and applications
- Use a log management tool (Splunk), develop search procedures & dashboards as required to identify & remediate cyber or product incidents
- Interacting with senior managers and organizational partners across Compliance, Legal and Internal Audit
- Prepare status reports for technology-related to provide regular reporting for senior management's meeting
- Integrate 2 existing teams into single team structure – balancing the workload across the team
- Define organization structure to align with future Target Operating Model for Production Operations
- Build transformation plan to move from existing to future state
- Provide oversight of all deliverables and activities throughout the program lifecycle and advise project teams on best practices and techniques throughout the program lifecycle
- Create strategies and deliverables that will reshape the processes to enhance or create significant growth opportunities and/or create efficiencies in the way we do business
- Proven risk management experience identifying, analyzing and communicating business and security-related risks to the organization and corporate program
- Good understanding of infrastructure components, including infrastructure security components
- Ability to travel up to 25-30% nationally, as needed
- Two or more security or vendor certifications
- Prior experience at Big 4 or in an IT auditor role is a plus
- Minimum of 5-8 years’ experience in technology risk management or associated control function
IT Security Risk Job Description
- Ensure the Company’s integrity and protection of our security framework, by enforcing Company security policies and applying various industry standards and best practices
- Participate in the steering committee or associated governance/review activities on key initiatives ensuring that existing and emerging risks for new products, processes and transformational initiatives are identified
- Lead the annual Portfolio planning and ensure IT Risk CoG senior management manages to monthly & quarterly forecasts and stays within plan for fiscal year
- Accountable for financial plan, FTE and contract management, forecasting and reporting
- Liaise with finance teams for BU and Transformation strategy financial plans
- Perform as a trusted advisor for clients and our internal client teams supporting our Global and National FSS Accounts on IT Risk and Security issues and concerns
- Communicate business cases (programs and projects) for the quarterly & annual planning cycles articulating clear outcomes and metrics to demonstrate coverage & performance
- Align with service area colleagues, IT application & infrastructure teams, risk liaisons, risk management and cybersecurity teams, and business stakeholders to deliver compliance and cybersecurity controls
- Lead the creation and initiation of services / related contracts
- Assist the program and project managers in working with non-ITRMS teams (IT Program Management Office, Procurement, Finance, Business and Supplier Management teams)
- Strong practical knowledge of development lifecycles, project and program management concepts and controls
- Engage as a consultant to various business units for new/significant Application and/or Infrastructure development initiatives as an Information Security advisor and risk assessor, and to support the business units in the development of corrective action plans
- Strong technical background in application, data networks and server Infrastructure
- Knowledge of regulatory compliance SOX, BASEL3
- Master’s degree in Computer Science/Engineering/Networks or Management Information Systems plus two years of experience in the job offered or in IT risk analysis OR Bachelor's degree in Computer Science/Engineering/Networks or Management Information Systems plus five years of experience in the job offered or in IT risk analysis required
- Strong Microsoft Excel knowledge, including exposure to using pivot tables, macros, and VLOOKUP function to analyze complex data
IT Security Risk Job Description
- Communicate ITRMS portfolio impacts to other organizations with service area representatives and Risk Liaisons
- Work closely with key stakeholders to gather requirements, understand priorities and communicate impact and context of vulnerabilities
- Establish and maintain key operational and performance metrics to measure success and effectiveness of the vulnerability management program
- Stay current on security industry trends, attack techniques, mitigation techniques, security technologies and new and evolving threats
- Analyze, recommend and facilitate the execution of IT Risk & Security key initiatives to reduce risk and
- Monitor security events, alerts, and reports for unusual or suspicious activity
- Work with Deskside support, server administration & other parts of IT to remediate incidents
- Works on more complex projects, leads smaller projects & performs routine security administration tasks
- Assist in technical support of security related to third party software, operating systems or databases
- Troubleshoots basic problems & recommends appropriate action
- Drive the IT Risk and Security Agenda for Japan
- Professional Security Management Certifications such as Certified Information Systems Security Professional (CISSP)
- (TECHNICAL) Technology Audit background in a highly complex financial institution
- Sound knowledge of Asia financial market laws and regulations in relation to technology risk management processes (including technology governance, information security, business continuity planning, systems development, project management and supplier management)
- Proficiency in Microsoft Office Suite is required to be successful in this role
- Exposure to SharePoint is a plus
IT Security Risk Job Description
- Identify and assess inherent risks to IT business functions
- Monitor and investigate security systems for any and all signs of intrusion, infection or fraudulent activity for Goodyear globally
- Take an active approach to all initiatives regarding our anti-virus application Symantec Endpoint Protection
- Member of our 24/7 on-call Cyber Emergency Response Team (CERT)
- Develop search parameters and dashboards to identify, investigate and remediate cyber or product related incidents through our Enterprise Security
- Analyze multiple Threat Intelligence feeds and proactively scan our environment for potential threats
- Perform forensic evidence collections of machines, external drives and mobile devices during an investigation
- Responsible for planning and reporting of the budget for the unit
- Management of activities required to ensure the required level of services in the IT Security, Risk and Compliance Services area
- Optimize and continuously improve service delivery of IT Security Services support (cost, quality, time) across all the territories
- Must be passionate about pursuing a career in IT Risk, Audit, Compliance, Security Engineering, User Access Administration
- Familiarity with regulations pertaining to Risk Controls and Security
- Support all reporting requirements such as Patch Status reporting, XMAC, etc
- Inspect for compliance to regulatory controls on a regular basis to ensure we are compliant pre-audit requests (SOX)
- Support Audit requests, review and respond to audit findings, define MBF’s and resolution actions to resolve deficiencies
- Ensure all applications execute the appropriate DR plans in alignment with Policy