IT Security Risk Job Description
IT security risk
provides ownership” of problem thru final resolution and ability to identify root cause and put actions in place to prevent.
IT Security Risk Duties & Responsibilities
To write an effective IT security risk job description, begin by listing detailed duties, responsibilities and expectations. We have included IT security risk job description templates that you can modify and use.
Sample responsibilities for this position include:
Develop and advance CHI Information Security policies, standards and procedures in conjunction with the application and technology teams responsible for the day-to-day systems configuration and operation
Stakeholder management in order to adapt or – where necessary – establish standards/processes for efficient and effective delivery
Support maintenance of local Business Applications S&A Process Design Documents (PDDs), policies and procedures
Conduct mapping of controls to IT Risk standards to determine compliance at control design level, ensuring consistency in control mapping
Advocate for, influence and represent the GTI’s needs and interest to ensure the development of policies, standards and practices incorporates GTI’s needs and considerations
Research, develop, deploy and implement automation and efficiency tools to maximize output
Develops and standardizes processes and procedures relating to IT Security risk and change control across the technology organization, balances risk vs
Execute and oversight of IT Security Tasks, local and abroad (“LISA”)
Member of local IT Management, take over deputy role for CSIS IT Head
IT oversight as part of the deputy role for service provider, internal deliveries and external vendors
IT Security Risk Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for IT Security Risk
List any licenses or certifications required by the position: CISSP, CISA, CISM, ISO27001, CRISC, PCI, ISACA, SANS, NIST, QSA
Education for IT Security Risk
Typically a job would require a certain level of education.
Employers hiring for the IT security risk job most commonly would prefer for their future employee to have a relevant degree such as Bachelor's and Master's Degree in Computer Science, Information Systems, Engineering, Information Technology, Business, Education, Information Security, Technical, Management, Technology
Skills for IT Security Risk
Desired skills for IT security risk include:
Standards
Procedures
Data security fundamentals and best practices with prior responsibilities of protecting information assets
Databases and operating systems
NIST
Tools
Ability to develop and maintain an organization's data in order to meet business requirements
Ability to identify the root cause of problems in a timely and accurate manner and bring them to a successful resolution
Ability to leverage that information in creating customized customer solutions
Ability to manage the processes
Desired experience for IT security risk includes:
Proactive and supportive role for projects within the fund administration area and for technical (IT) related questions
Audit activities in the context of IT Security, IT Risk and Service Management
IT Service Management following ITIL (Incident, Change and Release Management) to support the setup and control of all IT contracts & Service level agreements
IT Service Management reporting towards senior management (Business & IT)
At least 8-15 years in information technology security related activity such as risk management, security design, implementation and testing
Good working knowledge of governance, risk management, compliance routines and control processes
IT Security Risk Examples
1
IT Security Risk Job Description
Job Description Example
Our company is growing rapidly and is hiring for an IT security risk. If you are looking for an exciting place to work, please take a look at the list of qualifications below.
Responsibilities for IT security risk
- Be involved in bank’s global IT projects to ensure that new systems and solutions meet bank’s security requirements
- Ensure that IT risk assessment methodology and processes are followed precisely, to the expected quality
- Provide support to stakeholders in understanding business impact of identified IT risks and defining adequate mitigation actions
- Perform risk assessments, which involve analyzing risks identifying, describing and estimating the risks affecting the business
- Lead assessments of current security technology and authentications systems and evaluate against HIPAA, Federal and State Information Protection and Privacy regulations, CHI Information Security Policies, and other relevant regulations pertaining to the protection of Enterprise information assets with respect to information security
- Proactively secure and audit network security environment and provide actionable information pertaining to risk discovery and remediation technologies, techniques, and processes
- Lead the assessment and review of new and existing technology infrastructure to identify key risk areas, and ensure adequate levels of control are in place to address those risks and develop risk mitigation techniques and processes to ensure that all reviews as actionable by system manager and the operations staff
- Develop and lead activities supporting the IT Risk Management process such as data classification and security controls maintenance
- Point of contact for GTI covering IT Risk CoG’s requirements
- Point of contact to IT Risk CoG relating to programs and IT Risk CoG requirements
Qualifications for IT security risk
- Experience in technology auditing and working with senior management is an advantage
- Has good initiative and able to work independently with minimum supervision
- Proven relationship management experience developing, influencing and growing trust-based relationships with line of business leaders, senior management, legal counsel, internal audit, and local regulators
- Recognized subject matter expert in the technical, regulatory, and cultural aspects of information security to articulate the risks and mitigation strategies to business execs
- Constructing, monitoring and auditing programs, and managing internal risk assessments and/or investigations
- Advanced skills and established experience in IT security and risk management (understanding risk assessment, legal and regulatory requirements, threats, vulnerabilities, security policies )
2
IT Security Risk Job Description
Job Description Example
Our growing company is hiring for an IT security risk. Please review the list of responsibilities and qualifications. While this is our ideal list, we will consider candidates that do not necessarily have all of the qualifications, but have sufficient experience and talent.
Responsibilities for IT security risk
- Responsible for maintaining processes and procedures that defines the vulnerability management program
- Develop security standards and work with IT infrastructure teams to implement them for Network devices, OS and applications
- Use a log management tool (Splunk), develop search procedures & dashboards as required to identify & remediate cyber or product incidents
- Interacting with senior managers and organizational partners across Compliance, Legal and Internal Audit
- Prepare status reports for technology-related to provide regular reporting for senior management's meeting
- Integrate 2 existing teams into single team structure – balancing the workload across the team
- Define organization structure to align with future Target Operating Model for Production Operations
- Build transformation plan to move from existing to future state
- Provide oversight of all deliverables and activities throughout the program lifecycle and advise project teams on best practices and techniques throughout the program lifecycle
- Create strategies and deliverables that will reshape the processes to enhance or create significant growth opportunities and/or create efficiencies in the way we do business
Qualifications for IT security risk
- Proven risk management experience identifying, analyzing and communicating business and security-related risks to the organization and corporate program
- Good understanding of infrastructure components, including infrastructure security components
- Ability to travel up to 25-30% nationally, as needed
- Two or more security or vendor certifications
- Prior experience at Big 4 or in an IT auditor role is a plus
- Minimum of 5-8 years’ experience in technology risk management or associated control function
3
IT Security Risk Job Description
Job Description Example
Our growing company is looking for an IT security risk. Please review the list of responsibilities and qualifications. While this is our ideal list, we will consider candidates that do not necessarily have all of the qualifications, but have sufficient experience and talent.
Responsibilities for IT security risk
- Ensure the Company’s integrity and protection of our security framework, by enforcing Company security policies and applying various industry standards and best practices
- Participate in the steering committee or associated governance/review activities on key initiatives ensuring that existing and emerging risks for new products, processes and transformational initiatives are identified
- Lead the annual Portfolio planning and ensure IT Risk CoG senior management manages to monthly & quarterly forecasts and stays within plan for fiscal year
- Accountable for financial plan, FTE and contract managemnet, forecasting and reporting
- Liaise with finance teams for BU and Transformation strategy financial plans
- Perform as a trusted advisor for clients and our internal client teams supporting our Global and National FSS Accounts on IT Risk and Security issues and concerns
- Communicate business cases (programs and projects) for the quarterly & annual planning cycles articulating clear outcomes and metrics to demonstrate coverage & performance
- Align with service area colleagues, IT application & infrastructure teams, risk liaisons, risk management and cybersecurity teams, and business stakeholders to deliver compliance and cybersecurity controls
- Lead the creation and initiation of services / related contracts
- Assist the program and project managers in working with non-ITRMS teams (IT Program Management Office, Procurement, Finance, Business and Supplier Management teams.)
Qualifications for IT security risk
- Strong practical knowledge of development lifecycles, , project and program management concepts and controls
- Engage as a consultant to various business units for new/significant Application and/or Infrastructure development initiatives as an Information Security advisor and risk assessor, and to support the business units in the development of corrective action plans
- Strong technical background in application, data networks and server Infrastructure
- Knowledge of regulatory compliance SOX, BASEL3
- Master’s degree in Computer Science/Engineering/Networks or Management Information Systems plus two years of experience in the job offered or in IT risk analysis OR Bachelor's degree in Computer Science/Engineering/Networks or Management Information Systems plus five years of experience in the job offered or in IT risk analysis required
- Strong Microsoft Excel knowledge, inclduing exposure to using pivot tables, macros, and VLOOKUP function to analyze complex data
4
IT Security Risk Job Description
Job Description Example
Our company is looking for an IT security risk. Please review the list of responsibilities and qualifications. While this is our ideal list, we will consider candidates that do not necessarily have all of the qualifications, but have sufficient experience and talent.
Responsibilities for IT security risk
- Communicate ITRMS portfolio impacts to other organizations with service area representatives and Risk Liaisons
- Work closely with key stakeholders to gather requirements, understand priorities and communicate impact and context of vulnerabilities
- Establish and maintain key operational and performance metrics to measure success and effectiveness of the vulnerability management program
- Stay current on security industry trends, attack techniques, mitigation techniques, security technologies and new and evolving threats
- Analyze, recommend and facilitate the execution of IT Risk & Security key initiatives to reduce risk and
- Monitor security events, alerts, and reports for unusual or suspicious activity
- Work with Deskside support, server administration & other parts of IT to remediate incidents
- Works on more complex projects, leads smaller projects & performs routine security administration tasks
- Assist in technical support of security related to third party software, operating systems or databases
- Troubleshoots basic problems & recommends appropriate action
Qualifications for IT security risk
- Drive the IT Risk and Security Agenda for Japan
- Professional Security Management Certifications such as Certified Information Systems Security Professional (CISSP)
- TECHNICAL) Technology Audit background in a highly complex financial institution
- Sound knowledge of Asia financial market laws and regulations in relations to technology risk management processes (including technology governance, information security, business continuity planning, systems development, project management and supplier management.)
- Proficiency in Microsoft Office Suite is required to be successful in this role
- Exposure to SharePoint is a plus
5
IT Security Risk Job Description
Job Description Example
Our innovative and growing company is hiring for an IT security risk. To join our growing team, please review the list of responsibilities and qualifications.
Responsibilities for IT security risk
- Identify and assess inherent risks to IT business functions
- Monitor and investigate security systems for any and all signs of intrusion, infection or fraudulent activity for Goodyear Globally
- Take an active approach to all initiatives regarding our anti-virus application Symantec Endpoint Protection
- Member of our 24/7 on-call Cyber Emergency Response Team (CERT)
- Develop search parameters and dashboards to identify, investigate and remediate cyber or product related incidents through our Enterprise Security
- Analyze multiple Threat Intelligence feeds and proactively scan our environment for potential threats
- Perform forensic evidence collections of machines, external drives and mobile devices during an investigation
- Responsible for planning and reporting of the budget for the unit
- Management of activities required to ensure the required level of services in the IT Security, Risk and Compliance Services area
- Optimize and continuous improve service delivery of IT Security Services support (cost, quality, time) across all the territories
Qualifications for IT security risk
- Must be passionate about pursuing a career in IT Risk, Audit, Compliance, Security Engineering, User Access Administration
- Familiarity with regulations pertaining to Risk Controls and Security
- Support all reporting requirements such as Patch Status reporting, XMAC, etc
- Inspect for compliance to regulatory controls on regular basis to ensure we are compliant pre-audit requests (SOX)
- Support Audit requests, review and respond to audit findings, define MBF’s and resolution actions to resolve deficiencies
- Ensure all applications execute the appropriate DR plans in alignment with Policy