5,430 Security Leadership jobs in the United States
Manager, Information Security Risk Management
Posted 8 days ago
Job Description
Hearst Technology, Inc, Information Security Office seeks a Manager, Information Security Risk Management. The Manager, Information Security Risk Management is responsible for assessing risk and managing risk information for the organization and key business units. This position assesses information security risk within essential technology functions, key business processes, documentation, and collaborates with key business leaders to assist in reducing risk and maturing the overall control environment. This position will also support Audit and Compliance functions within Hearst, focusing on PCI and HIPAA.
Team Alignment: Governance, Risk, and Compliance (GRC) Team. The GRC Team is multi-faceted and focuses on driving business value. Our mission is to establish an integrated program that ensures the overall effectiveness of capabilities that impact information security across business units globally.
- Perform security risk reviews, risk assessments and gap assessments on key business processes and new and existing technologies. Subsequently, work with various business units, as needed, to ensure controls are adequate, appropriate, and effective and that mitigation and remediation plans are in place.
- Maintain the IT risk register and risk dashboard, keeping risks and their response plans up to date; will be required to work with cross-functional teams and businesses.
- Prepare detailed recurring risk management reports with associated metrics.
- Support the implementation of a risk program including enhancing processes supporting accountability, exception requests, and overall risk reduction in accordance with NIST and COBIT Cybersecurity frameworks.
- Support vendor due-diligence process and help define overall third-party risk management efforts.
- Support risk-focused governance entities such as forums and steering committees.
- Support internal and external audit processes for relevant compliance areas including NIST CSF, NIST 800-53, PCI-DSS, HIPAA, SOX, and other external and internal requirements.
- Support key capabilities and processes across the GRC function in support of the Hearst Information Security Office using an Agile methodology approach to delivering work products and key services.
- Work collaboratively with regional and global partners in other functional units; ability to navigate a complex organization and to influence and lead people across cultures at a senior level. Collaboratively interface with global IT and business partners to provide guidance and support.
- Design and implement improvements in risk-related documentation.
- Other related duties as assigned.
Technical Skills
- Experience with IT governance, risk, and compliance management in a large global environment, while working with geographically dispersed, multidisciplinary teams.
- Experience conducting risk assessments and managing risk across departments and functions.
- Strong foundation in PCI and HIPAA compliance requirements and testing.
- Familiarity with an integrated risk management platform.
- Familiarity with security frameworks, particularly NIST and COBIT Cybersecurity Frameworks and HITRUST.
- Basic understanding and knowledge of technical fundamentals such as networking concepts, cloud computing, application development, and security best practices.
- Proficiency with Word, Excel, PowerPoint, JIRA, SharePoint.
- Experience with GRC and risk management platforms such as Prevalent and TruOps is desired.
- Strong work ethic with attention to detail and demonstrated analytical abilities.
- Attention to detail, verbal and written communication, and initiative; able to apply constructive feedback to enhance managing risk.
- Strong presentation skills with the ability to articulate complex problems and solutions through concise and clear messaging.
- Self-motivated with excellent planning and organizational skills; and the ability to prioritize tasks to meet deadlines and effectively manage changing priorities.
- Professional customer orientation with a strong commitment to providing a high standard of customer satisfaction.
- Ability to deliver client-ready documentation and participate in relevant client meetings; able to work across teams effectively and efficiently.
- Working understanding of project management principles, processes, and documentation.
- Ability to collaborate with internal and external stakeholders.
- Bachelor's Degree in Information Technology, Computer Science, or equivalent.
- Minimum 5 years of relevant experience in a risk management role with at least 2 years of practical experience in Audit and Compliance.
- Industry standard certification such as CISA, CRISC, CISM, ARM, CISSP, ISO 27001, ISO 27005 is desired.
About Us
Hearst is one of the nation's largest global, diversified information, services and media companies.
Hearst has been innovating for more than a century, leading with purpose, integrity and a culture of care, with a mission to inform audiences and improve lives.
The company's diverse portfolio includes global financial services leader Fitch Group; Hearst Health, a group of medical information and services businesses; Hearst Transportation, which includes CAMP Systems International, a major provider of software-as-a-service solutions for managing maintenance of jets and helicopters; ownership in cable television networks such as A&E, HISTORY, Lifetime and ESPN; 35 television stations; 24 daily and 52 weekly newspapers; digital services businesses; and more than 200 magazines around the world.
Hearst is always moving forward, investing in healthcare solutions to improve patient outcomes and technology that curbs emissions; providing vital analysis, data and software to the global financial services industry; delivering important service and investigative journalism; and inspiring audiences with sports and entertainment programming.
With a commitment to maintaining the highest quality in its products and services, Hearst is dedicated to serving the communities it operates in, both civically and philanthropically.
Hearst is an Equal Employment Opportunity employer. We do not discriminate in hiring on the basis of race, color, national origin, religion, creed, sex or gender, gender identity, gender expression, sexual orientation, age, physical or mental disability, military or veteran status, or any other characteristic protected by federal, state, or local law.
Information Security Risk Management Lead
Posted 8 days ago
Job Description
CLS is the trusted party at the centre of the global FX ecosystem. Utilized by thousands of counterparties, CLS makes FX safer, smoother and more cost effective. Trillions of dollars' worth of currency flows through our systems each day.
Created by the market for the market, our unrivalled global settlement infrastructure reduces systemic risk and provides standardization for participants in many of the world's most actively traded currencies. We deliver huge efficiencies and savings for our clients: in fact, our approach to multilateral netting shrinks funding requirements by over 96% on average, so clients can put their capital and resources to better use.
CLS products are designed to enable clients to manage risk most effectively across the full FX lifecycle - whether through more efficient processing tools or market intelligence derived from the largest single source of FX executed data available to the market.
Our ambition to make a positive difference starts with our people. Our values - Protect, Improve, Grow - underpin everything that we do at CLS and define and shape a supportive and inclusive working environment in which everyone is encouraged to be open and forward-thinking.
Job information:
- Functional title - Information Security Risk Management Lead
- Department - Risk
- Corporate level - Director
- Report to - Head of Technology & Information Security Risk Management
- Location - New York / New Jersey
- Expected full-time salary range between $180K - $225K + variable compensation + 401(k) match + benefits.
- Note: Disclosure as required by NY Pay Transparency Law of the expected salary compensation range for this role.
Job purpose
The Information Security Risk Management Lead is a key member of the Risk Management team and is responsible for leading the implementation of the Enterprise and Operational Risk Management frameworks designed by CLS to identify, measure, monitor and mitigate information security risks. The successful candidate serves as a second set of eyes to management to provide review and credible challenge of the effectiveness of information security processes and controls. This position is highly engaged with the firm-wide Information Security teams who provide security solutions as well as all corporate departments that own information security risk.
Essential Function / major duties and responsibilities of the job
Strategic
- Risk Culture - Assist the CRO and Head of Enterprise Risk and Operational Risk Management in driving the culture of engagement, teamwork and accountability.
- Risk Assessments - Collaborate with the Information Security teams to guide and challenge risk assessments, and lead in efforts to strengthen the control environment in line with the evolving threat landscape.
- Process Improvements - Identify opportunities to reduce risk of recurrence of incidents and events through process evaluation and improvements plans.
- Operational Risk Management Framework - Support the CRO and Head of Enterprise Risk and Operational Risk Management in furthering the use and efficacy of the ORM framework while enhancing its applicability to manage information security risk.
- Review and Credible Challenge - Provide review and credible challenge of the information security risk profile and all associated framework components, e.g., risk and control self-assessments, control testing, event management, metrics and indicators, risk appetite, finding management, and reporting.
- Risk Oversight - Lead in executing oversight of information security risks by performing the following:
- Provide subject matter expertise to business units to drive, guide and influence risk ownership, clarity and assessment of risks & controls.
- Review and monitor the progress of actions and validate appropriateness of closure evidence.
- Thematic review of operational risk events and associated proposed actions to reduce risk of recurrence.
- Document credible challenge of information security risk appetite to support the Enterprise Risk management (ERM) program.
- Regular review and challenge of key risk indicators including thresholds and applicability to risk appetite.
- Prepare monthly and quarterly ORM/ERM reports and present to Technology Leadership, Audit, and regulatory bodies as required.
- Project Oversight - Lead in executing project oversight for information security risks by performing the following:
- Provide challenge of risk management of material information security projects that may impact the firm's risk profile.
- Work with business partners to challenge the quality of the project inherent risk assessments and contribute to the independent risk review for projects.
- Review project benefits and closure artifacts in preparation for transition to BAU.
- Governance - Actively present to various committees and forums to keep management educated on changes to CLS risk appetite.
- Relationship Management - Be a respected point of contact to stakeholders across the business and technology functions in providing operational risk coverage for information security risk.
- Advisory Services - Be a trusted advisor and provide effective challenge to stakeholders on the evolving cybersecurity and technology risk landscape.
- Policy & Procedures - Maintain and oversee relevant policies, standards, and procedures related to CLS security processes.
- Primary lead for the team to role model expected work ethic and quality, meet divisional objectives, and support career development.
- Provide guidance and support to junior members of the team.
- Interact with and present to regulatory bodies in regular continuous monitoring meetings.
- Ability to partner, influence, and maintain credibility with the business
- 10+ years of experience specifically related to information security governance, operations, and risk management.
- Broad-based technology experience at substantial scale and complexity in a global, highly regulated, high-volume transaction environment. Experience must include time operating within transaction services environments characterized by the need for continuous availability and the highest levels of security.
- Experience with developing and managing Operational Risk programs, establishing framework and on-going process in accordance with best practices and Basel requirements.
- Comfortable leading in a complex matrixed organization, ideally in a global firm with a dynamic and rapidly changing environment.
- Experience leading within a highly regulated environment, with a preference for experience at the international and federal levels. Deep knowledge of policy frameworks and a strong understanding of policies, procedures, guidelines, and structure.
- Functional expertise, with operational knowledge of and exposure to various current and emerging information security areas such as:
- Identity & privileged access management
- Secure coding practices
- Incident response
- Artificial Intelligence
- Third-party risk management
- Cloud security configuration and control frameworks
- Threat/vulnerability management
- Network security
Professional qualifications / certifications
- B.S. in a technology discipline (Computer Science, Information Management, Computer Engineering, Cybersecurity or equivalent).
- Relevant certification is desirable, e.g., CISSP, CISM, CISA, CRISC.
- Working knowledge of Risk Management life cycles based on an established framework: NIST CSF, NIST SP 800-53, ORX, ISO 27001, SANS, CERT, ENISA, CSA, OACA, ISACA.
- Proficiency in MS PowerPoint and Excel.
- Experience in broader MS Office suite, including Project and Visio is a plus
- Experience with enterprise GRC tools, e.g. Archer is a plus
Our commitment to employees:
At CLS, we celebrate diversity and consider this to be one of our strongest assets. We are committed to fostering an environment in which everyone feels comfortable to be who they are, and inclusion is valued. All employees have access to our inclusive benefits, including:
- Holiday - UK/Asia: 25 holiday days and 3 'life days' (in addition to bank holidays). US: 23 holiday days.
- 2 paid volunteer days so that you can actively support causes within your community that are important to you.
- Generous parental leave policies to ensure you can enjoy valuable time with your family.
- Parental transition coaching programmes and support services.
- Wellbeing and mental health support resources to ensure you are looking after yourself, and able to support others.
- Affinity Groups (including our Women's Forum, Black Employee Network and Pride Network) in support of our organisational commitment to embrace and always be learning more about DE&I.
- Hybrid working to promote a healthy work/life balance, enabling employees to work collaboratively in the office when needed and work from home when they don't.
- Active support of flexible working for all employees where possible.
- Monthly 'Heads Down Days' with no meetings across the whole company.
- Generous non-contributory pension provision for UK/Asia employees, and 401K match from CLS for US employees.
- Private medical insurance and dental coverage.
- Social events that give you opportunities to meet new people and broaden your network across the organisation.
- Annual flu vaccinations.
- Discounts and savings and cashback across a wide range of categories including health and retail for UK employees.
- Discounted Gym membership - Complete Body Gym Discount/Sweat equity program for US employees.
- All employees have access to Discover - our comprehensive learning platform with 1000+ courses from LinkedIn Learning.
- Access to frequent development sessions on a number of topics to help you be successful and develop your career at CLS.
Information Security Risk Management Director
Posted 23 days ago
Job Description
Description
Envestnet is seeking an Information Security Risk Management Director to join our Finance department. This is a hybrid role, with in-office work required at either our Berwyn, PA or Raleigh, NC office.
Envestnet is transforming the way financial advice is delivered through its connected technology, advanced insights, and asset management solutions – backed by industry-leading service and support. Since 1999, Envestnet has served the wealth management industry and today supports trillions in platform assets, serving over a hundred thousand financial advisors. The vast majority of the nation’s leading banks, the largest wealth management and brokerage firms, and over 500 of the largest RIAs rely on Envestnet’s wealth management platform and solutions to drive business growth, boost productivity, and deliver better financial outcomes for their clients.
Envestnet’s Strategy:
- Deliver the industry-leading wealth management platform, powered by advanced data and insights
- Leverage our scale and efficiencies to serve our clients’ needs comprehensively
- Enable financial advisors to deliver more holistic advice – reflecting a more complete view of their clients’ financial lives, and in a more connected environment
For more information, please visit
Job Summary:
Reporting into the Head of Information Security, the Information Security Risk Management Director will lead the Information Security Risk Management function. The ideal candidate will bring a blend of technical acumen and strategic insight, capable of effectively communicating with stakeholders and guiding team members in alignment with our security culture and business priorities. The candidate will possess a strong background in information security risk management and cybersecurity, with working knowledge and experience in risk management frameworks such as NIST Cybersecurity Framework, NIST Risk Management Framework, NIST AI Risk Frameworks. The candidate will have an evolved understanding of the regulatory landscape for Information Security and Data Protection for the financial sector. Envestnet is looking for a strong transformational risk expert who can work closely with cross-functional security, operations, and engineering teams supporting leadership to ensure a robust, comprehensive security risk management program is in place. This includes top-down and bottom-up assessments, communicating identified risks effectively, and ensuring timely remediation from a technical perspective, in addition to enhancing the security risk management program capabilities.
Job Responsibilities:
- Owns the information security risk management function to conduct security risk and control assessments to identify potential risks from threats and vulnerabilities within the organization's information assets, infrastructure and applications.
- Responsible for assuring that all risk management activities are properly performed, documented, communicated professionally and clearly, and that all documentation is organized efficiently and effectively within the Archer GRC tool.
- Ensure that control effectiveness assessments are aligned with our NIST based policies and standards by collaborating with cross-functional teams to understand technical implementations and assess control effectiveness
- Partner and work closely with peers to develop an approach to an expanded insider threat program and provide related structure and management practices for the Envestnet enterprise.
- Responsible for refining and documenting the process used by the risk Management team and managing the adherence to it; develops new processes or modifies existing processes in alignment with NIST CSF 2.0 and other relevant risk models as needed.
- Drive information security risk orchestration activities and process improvements to ensure proper full coverage across products and services
- Communicate identified security risks and their potential impact to stakeholders, including technical and non-technical audiences using a NIST based framework for quantified and qualitative models.
- Develop and facilitate threat driven cyber scenarios and architectural visuals to support the assessment process to feed into the risk assessment pipeline and subsequent roadmaps for remediation.
- Provide metrics and outcome-based performance indicators on risk management activities and assessment results using risk quantification as needed.
- Develop and implement strategies for information security risk management, ensuring alignment with threat-driven, risk-based technical, compliance and business requirements, while providing risk-informed guidance.
- Development and maintenance of aggregated risk metrics for the cyber security program.
- Providing regular reports, presentations and updates to the head of information security to deliver to senior management on risk activities and outcomes.
- Responsible for ensuring the timely response, coordination and management of all risk management.
- Maintain up-to-date knowledge of industry standards, regulatory requirements, and emerging threats to inform risk assessment and remediation processes.
- Own the tooling and management of risk management process related to Archer
- Drive enhancement of the security risk management program, including developing and maintaining policies, standards, guidelines, procedures, and frameworks.
- Track and report on the status of risk remediation efforts, ensuring timely resolution and compliance with organizational policies.
- Develop and present detailed reports on risk assessments, including identified threats, vulnerabilities, and the effectiveness of implemented mitigation measures for technical and non-technical stakeholders, including senior management.
- Familiar with using and implementing GRC tools for audits and evidence management such as Archer
- Support the evolution of the information security risk management function including the use of and adoption of AI.
- Adherence to and application of Envestnet legal, compliance, risk, business continuity and administrative policy within the role and department(s) including the timely completion of training & awareness, affirmations and testing as requested.
- As part of the responsibilities for this role, you will understand and readily support Envestnet's established corporate business practices, policies, internal controls and procedures designed to create value or minimize risk
Required Qualifications:
- 10+ years of experience in security risk assessment, with a focus on quantitative and qualitative IS risk analysis, or equivalent and relevant security experience.
- One or more industry recognized and relevant Cybersecurity certifications such as CISSP, ISSMP, CRISC, CISM, CERT, CISA etc.
- Strong understanding of relevant frameworks, standards and methods related to information security risk management, cybersecurity principles, and concepts
- Knowledge of cloud security best practices and technologies (e.g., AWS, Azure, GCP) within a SAAS provider
- 7 years in a technical risk management function for a financial institution
- Strong project management skills with the ability to prioritize tasks and manage multiple projects and workstreams simultaneously.
- Understand and apply the architecture, security controls, and deployment models of advanced risk management and assessment methodologies, compliance frameworks (such as NIST, FAIR, CACI, GDPR, SOC2, and PCI DSS).
- Excellent communication skills at all levels, with the ability to articulate complex technical concepts to diverse audiences
- Experience developing attack scenarios to assist with risk management and assessment activities.
- Knowledge of and experience with using threat contextualization and ingestion into the risk management and cyber roadmap processes
- Experience with security risk remediation programs, including technical implementation and compliance considerations
- Direct experience with driving risk management and assessments for enterprise level program evolution and cloud service models in the financial sector
- Experience leading, assessing and managing risk in a SAAS service provider.
- Familiarity with the convergence of various cyber control frameworks and the generation of control requirements in the context of risk management.
- Strong analytical and problem-solving skills, with attention to detail and accuracy.
Envestnet:
- Be a member of an innovative and industry leading financial technology and solutions company
- Competitive Compensation/Total Reward Packages that include:
- Health Benefits (Health/Dental/Vision)
- Paid Time Off (PTO) & Volunteer Time Off (VTO)
- 401K – Company Match
- Annual Bonus Incentives
- Parental Stipend
- Tuition Reimbursement
- Student Debt Program
- Charitable Match
- Wellness Program
Information Security Risk Management Director
Posted 23 days ago
Job Viewed
Job Description
Description
Envestnet is seeking an Information Security Risk Management Director to join our Finance department. This is a hybrid role, with in-office work required at either our Berwyn, PA or Raleigh, NC office.
Envestnet is transforming the way financial advice is delivered through its connected technology, advanced insights, and asset management solutions – backed by industry-leading service and support. Since 1999, Envestnet has served the wealth management industry and today supports trillions in platform assets, serving over a hundred thousand financial advisors. The vast majority of the nation’s leading banks, the largest wealth management and brokerage firms, and over 500 of the largest RIAs rely on Envestnet’s wealth management platform and solutions to drive business growth, boost productivity, and deliver better financial outcomes for their clients.
Envestnet’s Strategy:
- Deliver the industry-leading wealth management platform, powered by advanced data and insights
- Leverage our scale and efficiencies to serve our clients’ needs comprehensively
- Enable financial advisors to deliver more holistic advice – reflecting a more complete view of their clients’ financial lives, and in a more connected environment
For more information, please visit
Job Summary:
Reporting into the Head of Information Security, the Information Security Risk Management Director will lead the Information Security Risk Management function. The ideal candidate will bring a blend of technical acumen and strategic insight, capable of effectively communicating with stakeholders and guiding team members in alignment with our security culture and business priorities. The candidate will possess a strong background in information security risk management and cybersecurity, with working knowledge and experience in risk management frameworks such as NIST Cybersecurity Framework, NIST Risk Management Framework, NIST AI Risk Frameworks. The candidate will have an evolved understanding of the regulatory landscape for Information Security and Data Protection for the financial sector. Envestnet is looking for a strong transformational risk expert who can work closely with cross-functional security, operations, and engineering teams supporting leadership to ensure a robust comprehensive security risk management program is in place. This includes top down and bottom-up assessments, while ensuring communicate identified risks effectively, and ensure timely remediation from a technical perspective, in addition to enhancing the security risk management program capabilities.
Job Responsibilities:
- Owns the information security risk management function to conduct security risk and control assessments to identify potential risks from threats and vulnerabilities within the organization's information assets, infrastructure and applications.
- Responsible for assuring that all risk management activities are properly performed, documented, communicated professionally and clearly, and that all documentation is organized efficiently and effectively within the Archer GRC tool.
- Ensure that control effectiveness assessments are aligned with our NIST based policies and standards by collaborating with cross-functional teams to understand technical implementations and assess control effectiveness
- Partner and work closely with the peers to develop an approach to an expanded insider threat program and provide related structure, and management practices for the Envestnet enterprise.
- Responsible for refining and documenting the process used by the risk Management team and managing the adherence to it; develops new processes or modifies existing processes in alignment with NIST CSF 2.0 and other relevant risk models as needed.
- Drive information security risk orchestration activities and process improvements to ensure proper full coverage across products and services
- Communicate identified security risks and their potential impact to stakeholders, including technical and non-technical audiences using a NIST based framework for quantified and qualitative models.
- Develop and facilitate threat driven cyber scenarios and architectural visuals to support the assessment process to feed into the risk assessment pipeline and subsequent roadmaps for remediation.
- Provide metrics and outcome-based performance indicators on risk management activities and assessment results using risk quantification as needed.
- Develop and implement strategies for information security risk management, ensuring alignment with threat-driven, risk-based technical, compliance and business requirements, while providing risk-informed guidance.
- Development and maintenance of aggregated risk metrics for the cyber security program.
- Providing regular reports, presentations and updates to the head of information security to deliver to senior management on risk activities and outcomes.
- Responsible for ensuring the timely, responses, coordination and management of all risk management.
- Maintain up-to-date knowledge of industry standards, regulatory requirements, and emerging threats to inform risk assessment and remediation processes.
- Own the tooling and management of risk management process related to Archer
- Drive enhancement of the security risk management program, including developing and maintaining policies, standards, guidelines, procedures, and frameworks.
- Track and report on the status of risk remediation efforts, ensuring timely resolution and compliance with organizational policies.
- Develop and present detailed reports on risk assessments, including identified threats, vulnerabilities, and the effectiveness of implemented mitigation measures for technical and non-technical stakeholders, including senior management.
- Familiar with using and implementing GRC tools for audits and evidence management such as Archer
- Support the evolution of the information security risk management function including the use of and adoption of AI.
- Adherence to and application of Envestnet legal, compliance, risk, business continuity and administrative policy within the role and department(s) including the timely completion of training & awareness, affirmations and testing as requested.
- As part of the responsibilities for this role, you will understand and readily support Envestnet's established corporate business practices, policies, internal controls and procedures designed to create value or minimize risk
Required Qualifications:
- 10+ years of experience in security risk assessment, with a focus on quantitative and qualitative IS risk analysis, or equivalent and relevant security experience.
- One or more industry recognized and relevant Cybersecurity certifications such as CISSP, ISSMP, CRISC, CISM, CERT, CISA etc.
- Strong understanding of relevant frameworks, standards and methods related to information security risk management, cybersecurity principles, and concepts
- Knowledge of cloud security best practices and technologies (e.g., AWS, Azure, GCP) within a SAAS provider
- 7 years technical risk management function for a financial institution
- Strong project management skills with the ability to prioritize tasks and manage multiple projects and workstreams simultaneously.
- Understand and apply the architecture, security controls, and deployment models of advanced risk management and assessment methodologies and compliance frameworks (such as NIST, FAIR, CACI, GDPR, SOC2, and PCI DSS).
- Excellent communication skills at all levels, with the ability to articulate complex technical concepts to diverse audiences
- Experience developing attack scenarios to assist with risk management and assessment activities.
- Knowledge of and experience with using threat contextualization and ingestion into the risk management and cyber roadmap processes
- Experience with security risk remediation programs, including technical implementation and compliance considerations
- Direct experience with driving risk management and assessments for enterprise level program evolution and cloud service models in the financial sector
- Experience leading, assessing and managing risk in a SAAS service provider.
- Familiarity with the convergence of various cyber control frameworks and the generation of control requirements in the context of risk management.
- Strong analytical and problem-solving skills, with attention to detail and accuracy.
Envestnet:
- Be a member of an innovative and industry leading financial technology and solutions company
- Competitive Compensation/Total Reward Packages that include:
- Health Benefits (Health/Dental/Vision)
- Paid Time Off (PTO) & Volunteer Time Off (VTO)
- 401K – Company Match
- Annual Bonus Incentives
- Parental Stipend
- Tuition Reimbursement
- Student Debt Program
- Charitable Match
- Wellness Program
Manager, Information Security Risk Management
Posted 1 day ago
Job Description
Hearst Technology, Inc, Information Security Office seeks a Manager, Information Security Risk Management. The Manager, Information Security Risk Management is responsible for assessing risk and managing risk information for the organization and key business units. This position assesses information security risk within essential technology functions, key business processes, documentation, and collaborates with key business leaders to assist in reducing risk and maturing the overall control environment. This position will also support Audit and Compliance functions within Hearst, focusing on PCI and HIPAA.
Team Alignment: Governance, Risk, and Compliance (GRC) Team. The GRC Team is multi-faceted and focuses on driving business value. Our mission is to establish an integrated program that ensures the overall effectiveness of capabilities that impact information security across business units globally.
- Perform security risk reviews, risk assessments and gap assessments on key business processes and new and existing technologies. Subsequently, work with various business units, as needed, to ensure controls are adequate, appropriate, and effective and that mitigation and remediation plans are in place.
- Maintain the IT risk register and risk dashboard, keeping risks and their response plans up to date; will be required to work with cross-functional teams and businesses.
- Prepare detailed recurring risk management reports with associated metrics.
- Support the implementation of a risk program including enhancing processes supporting accountability, exception requests, and overall risk reduction in accordance with NIST and COBIT Cybersecurity frameworks.
- Support vendor due-diligence process and help define overall third-party risk management efforts.
- Support risk-focused governance entities such as forums and steering committees.
- Support internal and external audit processes for relevant compliance areas including NIST CSF, NIST 800-53, PCI-DSS, HIPAA, SOX, and other external and internal requirements.
- Support key capabilities and processes across the GRC function in support of the Hearst Information Security Office using an Agile methodology approach to delivering work products and key services.
- Work collaboratively with regional and global partners in other functional units; ability to navigate a complex organization; to influence and lead people across cultures at a senior level. Collaboratively interface with global IT and business partners to provide guidance and support.
- Design and implement improvements in risk-related documentation.
- Other related duties as assigned.
Technical Skills
- Experience with IT governance, risk, and compliance management in a large global environment, while working with geographically dispersed, multidisciplinary teams.
- Experience conducting risk assessments and managing risk across departments and functions.
- Strong foundation in PCI and HIPAA compliance requirements and testing.
- Familiarity with an integrated risk management platform.
- Familiarity with security frameworks, particularly NIST and COBIT Cybersecurity Frameworks and HITRUST.
- Basic understanding and knowledge of technical fundamentals such as networking concepts, cloud computing, application development, and security best practices.
- Proficiency with Word, Excel, PowerPoint, JIRA, SharePoint.
- Experience with GRC and risk management platforms such as Prevalent and TruOps is desired.
- Strong work ethic with attention to detail and demonstrated analytical abilities.
- Attention to detail, verbal and written communication, and initiative; able to apply constructive feedback to enhance managing risk.
- Strong presentation skills with the ability to articulate complex problems and solutions through concise and clear messaging.
- Self-motivated with excellent planning and organizational skills; and the ability to prioritize tasks to meet deadlines and effectively manage changing priorities.
- Professional customer orientation with a strong commitment to providing a high standard of customer satisfaction.
- Ability to deliver client-ready documentation and participate in relevant client meetings; able to work across teams effectively and efficiently.
- Working understanding of project management principles, processes, and documentation.
- Ability to collaborate with internal and external stakeholders.
- Bachelor's Degree in Information Technology, Computer Science, or equivalent.
- Minimum 5 years of relevant experience in a risk management role with at least 2 years of practical experience in Audit and Compliance.
- Industry standard certification such as CISA, CRISC, CISM, ARM, CISSP, ISO 27001, ISO 27005 is desired.
About Us
Hearst is one of the nation's largest global, diversified information, services and media companies.
Hearst has been innovating for more than a century, leading with purpose, integrity and a culture of care, with a mission to inform audiences and improve lives.
The company's diverse portfolio includes global financial services leader Fitch Group; Hearst Health, a group of medical information and services businesses; Hearst Transportation, which includes CAMP Systems International, a major provider of software-as-a-service solutions for managing maintenance of jets and helicopters; ownership in cable television networks such as A&E, HISTORY, Lifetime and ESPN; 35 television stations; 24 daily and 52 weekly newspapers; digital services businesses; and more than 200 magazines around the world.
Hearst is always moving forward, investing in healthcare solutions to improve patient outcomes and technology that curbs emissions; providing vital analysis, data and software to the global financial services industry; delivering important service and investigative journalism; and inspiring audiences with sports and entertainment programming.
With a commitment to maintaining the highest quality in its products and services, Hearst is dedicated to serving the communities it operates in, both civically and philanthropically.
Hearst is an Equal Employment Opportunity employer. We do not discriminate in hiring on the basis of race, color, national origin, religion, creed, sex or gender, gender identity, gender expression, sexual orientation, age, physical or mental disability, military or veteran status, or any other characteristic protected by federal, state, or local law.
Information Security Risk Management Lead
Posted 1 day ago
Job Description
CLS is the trusted party at the centre of the global FX ecosystem. Utilized by thousands of counterparties, CLS makes FX safer, smoother and more cost effective. Trillions of dollars' worth of currency flows through our systems each day.
Created by the market for the market, our unrivalled global settlement infrastructure reduces systemic risk and provides standardization for participants in many of the world's most actively traded currencies. We deliver huge efficiencies and savings for our clients: in fact, our approach to multilateral netting shrinks funding requirements by over 96% on average, so clients can put their capital and resources to better use.
CLS products are designed to enable clients to manage risk most effectively across the full FX lifecycle - whether through more efficient processing tools or market intelligence derived from the largest single source of FX executed data available to the market.
Our ambition to make a positive difference starts with our people. Our values - Protect, Improve, Grow - underpin everything that we do at CLS and define and shape a supportive and inclusive working environment in which everyone is encouraged to be open and forward-thinking.
Job information:
- Functional title - Information Security Risk Management Lead
- Department - Risk
- Corporate level - Director
- Report to - Head of Technology & Information Security Risk Management
- Location - New York / New Jersey
- Expected full-time salary range between $180K - $225K + variable compensation + 401(k) match + benefits.
- Note: Disclosure as required by NY Pay Transparency Law of the expected salary compensation range for this role.
Job purpose
The Information Security Risk Management Lead is a key member of the Risk Management team and is responsible for leading the implementation of the Enterprise and Operational Risk Management frameworks designed by CLS to identify, measure, monitor and mitigate information security risks. The successful candidate serves as a second set of eyes to management to provide review and credible challenge of the effectiveness of information security processes and controls. This position is highly engaged with the firm-wide Information Security teams who provide security solutions as well as all corporate departments that own information security risk.
Essential Function / major duties and responsibilities of the job
Strategic
- Risk Culture - Assist the CRO and Head of Enterprise Risk and Operational Risk Management in driving the culture of engagement, teamwork and accountability.
- Risk Assessments - Collaborate with the Information Security teams to guide and challenge risk assessments, and lead in efforts to strengthen the control environment in line with the evolving threat landscape.
- Process Improvements - Identify opportunities to reduce risk of recurrence of incidents and events through process evaluation and improvements plans.
- Operational Risk Management Framework - Support the CRO and Head of Enterprise Risk and Operational Risk Management in furthering the use and efficacy of the ORM framework while enhancing its applicability to manage information security risk.
- Review and Credible Challenge - Provide review and credible challenge of the information security risk profile and all associated framework components, e.g., risk and control self-assessments, control testing, event management, metrics and indicators, risk appetite, finding management, and reporting.
- Risk Oversight - Lead in executing oversight of information security risks by performing the following:
- Provide subject matter expertise to business units to drive, guide and influence risk ownership, clarity and assessment of risks & controls.
- Review and monitor the progress of actions and validate appropriateness of closure evidence.
- Thematic review of operational risk events and associated proposed actions to reduce risk of recurrence.
- Document credible challenge of information security risk appetite to support the Enterprise Risk management (ERM) program.
- Regular review and challenge of key risk indicators including thresholds and applicability to risk appetite.
- Prepare monthly and quarterly ORM/ERM reports and present to Technology Leadership, Audit, and regulatory bodies as required.
- Project Oversight - Lead in executing project oversight for information security risks by performing the following:
- Provide challenge of risk management of material information security projects that may impact the firm's risk profile.
- Work with business partners to challenge the quality of the project inherent risk assessments and contribute to the independent risk review for projects.
- Review project benefits and closure artifacts in preparation for transition to BAU.
- Governance - Actively present to various committees and forums to keep management educated on changes to CLS risk appetite.
- Relationship Management - Be a respected point of contact to stakeholders across the business and technology functions in providing operational risk coverage for information security risk.
- Advisory Services - Be a trusted advisor and provide effective challenge to stakeholders on the evolving cybersecurity and technology risk landscape.
- Policy & Procedures - Maintain and oversee relevant policies, standards, and procedures related to CLS security processes.
- Primary lead for the team to role model expected work ethic and quality, meet divisional objectives, and support career development.
- Provide guidance and support to junior members of the team.
- Interact with and present to regulatory bodies in regular continuous monitoring meetings.
- Ability to partner, influence, and maintain credibility with the business
- 10+ years of experience specifically related to information security governance, operations, and risk management.
- Broad-based technology experience at substantial scale and complexity in a global, highly regulated, high-volume transaction environment. Experience must include time operating within transaction services environments characterized by the need for continuous availability and the highest levels of security.
- Experience with developing and managing Operational Risk programs, establishing framework and on-going process in accordance with best practices and Basel requirements.
- Comfortable leading in a complex matrixed organization, ideally in a global firm with a dynamic and rapidly changing environment.
- Experience leading within a highly regulated environment, with a preference for experience at the international and federal levels. Deep knowledge of policy frameworks and a strong understanding of policies, procedures, guidelines, and structure.
- Functional expertise, with operational knowledge of and exposure to various current and emerging information security areas such as:
- Identity & privileged access management
- Secure coding practices
- Incident response
- Artificial Intelligence
- Third-party risk management
- Cloud security configuration and control frameworks
- Threat/vulnerability management
- Network security
Professional qualifications / certifications
- B.S. in a technology discipline (Computer Science, Information Management, Computer Engineering, Cybersecurity or equivalent).
- Relevant certification is desirable, e.g., CISSP, CISM, CISA, CRISC.
- Working knowledge of Risk Management life cycles based on an established framework: NIST CSF, NIST SP 800-53, ORX, ISO 27001, SANS, CERT, ENISA, CSA, OACA, ISACA.
- Proficiency in MS PowerPoint and Excel.
- Experience in broader MS Office suite, including Project and Visio is a plus
- Experience with enterprise GRC tools, e.g. Archer is a plus
Our commitment to employees:
At CLS, we celebrate diversity and consider this to be one of our strongest assets. We are committed to fostering an environment in which everyone feels comfortable to be who they are, and inclusion is valued. All employees have access to our inclusive benefits, including:
- Holiday - UK/Asia: 25 holiday days and 3 'life days' (in addition to bank holidays). US: 23 holiday days.
- 2 paid volunteer days so that you can actively support causes within your community that are important to you.
- Generous parental leave policies to ensure you can enjoy valuable time with your family.
- Parental transition coaching programmes and support services.
- Wellbeing and mental health support resources to ensure you are looking after yourself, and able to support others.
- Affinity Groups (including our Women's Forum, Black Employee Network and Pride Network) in support of our organisational commitment to embrace and always be learning more about DE&I.
- Hybrid working to promote a healthy work/life balance, enabling employees to work collaboratively in the office when needed and work from home when they don't.
- Active support of flexible working for all employees where possible.
- Monthly 'Heads Down Days' with no meetings across the whole company.
- Generous non-contributory pension provision for UK/Asia employees, and 401K match from CLS for US employees.
- Private medical insurance and dental coverage.
- Social events that give you opportunities to meet new people and broaden your network across the organisation.
- Annual flu vaccinations.
- Discounts and savings and cashback across a wide range of categories including health and retail for UK employees.
- Discounted Gym membership - Complete Body Gym Discount/Sweat equity program for US employees.
- All employees have access to Discover - our comprehensive learning platform with 1000+ courses from LinkedIn Learning.
- Access to frequent development sessions on a number of topics to help you be successful and develop your career at CLS.
Manager Information Security Risk Management
Posted 1 day ago
Job Description
Base pay range: $129,292.00/yr - $71,329.00/yr. This range is provided by Harris Health. Your actual pay will be based on your skills and experience.
Harris Health System is the public healthcare safety-net provider established in 1966 to serve the residents of Harris County, Texas. As an essential healthcare system, Harris Health champions better health for the entire community, with a focus on low-income uninsured and underinsured patients, through acute and primary care, wellness, disease management and population health services. Ben Taub Hospital (Level 1 Trauma Center) and Lyndon B. Johnson Hospital (Level 3 Trauma Center) anchor Harris Health’s robust network of 39 clinics, health centers, specialty locations and virtual (telemedicine) technology. Harris Health is among an elite list of health systems in the U.S. achieving Magnet nursing excellence designation for its hospitals, the prestigious National Committee for Quality Assurance designation for its patient-centered clinics and health centers and its strong partnership with nationally recognized physician faculty, residents and researchers from Baylor College of Medicine; McGovern Medical School at The University of Texas Health Science Center at Houston (UTHealth); The University of Texas MD Anderson Cancer Center; and the Tilman J. Fertitta Family College of Medicine at the University of Houston.
JOB SUMMARY: The Manager Information Security Risk Management reports to the Vice President and Chief Information Security Officer (CISO) and develops, maintains and executes a continuous, flexible information security risk management program that aligns with Harris Health's overall strategic business and IT goals, and addresses the higher-risk areas and concerns of Executive Management.
Works alongside the Harris County attorney team and the Harris Health corporate compliance department to review third-party contracts and ensure compliance to standards and regulations regarding information access, security, and privacy. Leads all phases of internal and third-party risk assessments as well as planned IT audits and reviews. Coordinates internal and third-party security audits, to include HIPAA audits, PCI DSS audits, Service Organization Controls (SOC) audits, ISO audits, SSAE 16 / ISAE 3402 audits, customer audits, and other compliance/regulatory audits. Assists VP/CISO with decisions regarding risk and audit planning, testing plans and methodologies for risk and audit projects. Assists VP/CISO in determining reportable observations, findings and recommendations to relay to Executive Management and Board of Trustees. Develops and publishes cyber related risk and audit reports and reviews. Drafts and updates various departmental and organization-wide information security policies.
MINIMUM QUALIFICATIONS: Education/Specialized training/Licensure: CISSP required. CRISC, CISA, HCISPP, CIPP, GSNA, or CCSP, must have obtained (1) additional certification within six (6) months of accepting position. Preferred CISSP (required); Must have obtained one (1) additional certification within six (6) months of accepting position.
WORK EXPERIENCE: 6 years' work experience. Extensive knowledge of HIPAA Security rule, HITECH, Payment Card Industry (PCI), NIST Cybersecurity Framework. In addition, understanding of NIST SP 800-53r4, COBIT, and ITIL frameworks preferred. RSAM or other GRC tools experience preferred. Previous IT audit and risk management experience, or equivalent combination of education and experience.
MANAGEMENT EXPERIENCE: Three (3) years of experience in Cyber Security or related field.
SPECIAL REQUIREMENTS: Communication Skills: Exceptional Verbal (Public Speaking). Other Skills: Analytical, Statistical.
- Seniority level: Not Applicable
- Employment type: Full-time
- Job function: Information Technology
- Industries: Hospitals and Health Care
- Benefits (inferred from the description for this job): Medical insurance, Vision insurance, 401(k), Disability insurance
Manager, Information Security Risk Management
Posted 23 days ago
Job Description
Team Alignment: Governance, Risk, and Compliance (GRC) Team. The GRC Team is multi-faceted and focuses on driving business value. Our mission is to establish an integrated program that ensures the overall effectiveness of capabilities that impact information security across business units globally.
- Perform security risk reviews, risk assessments and gap assessments on key business processes and new and existing technologies. Subsequently, work with various business units, as needed, to ensure controls are adequate, appropriate, and effective and that mitigation and remediation plans are in place.
- Maintain the IT risk register and risk dashboard, keeping risks and their response plans up to date; will be required to work with cross-functional teams and businesses.
- Prepare detailed recurring risk management reports with associated metrics.
- Support the implementation of a risk program including enhancing processes supporting accountability, exception requests, and overall risk reduction in accordance with NIST and COBIT Cybersecurity frameworks.
- Support vendor due-diligence process and help define overall third-party risk management efforts.
- Support risk-focused governance entities such as forums and steering committees.
- Support internal and external audit processes for relevant compliance areas including NIST CSF, NIST 800-53, PCI-DSS, HIPAA, SOX, and other external and internal requirements.
- Support key capabilities and processes across the GRC function in support of the Hearst Information Security Office using an Agile methodology approach to delivering work products and key services.
- Work collaboratively with regional and global partners in other functional units; ability to navigate a complex organization; to influence and lead people across cultures at a senior level. Collaboratively interface with global IT and business partners to provide guidance and support.
- Design and implement improvements in risk-related documentation.
- Other related duties as assigned.
Who You Are: As a mid-level position, comfort and experience with all aspects of governance, risk, and compliance is required.
Technical Skills
- Experience with IT governance, risk, and compliance management in a large global environment, while working with geographically dispersed, multidisciplinary teams.
- Experience conducting risk assessments and managing risk across departments and functions.
- Strong foundation in PCI and HIPAA compliance requirements and testing.
- Familiarity with an integrated risk management platform.
- Familiarity with security frameworks, particularly NIST and COBIT Cybersecurity Frameworks and HITRUST.
- Basic understanding and knowledge of technical fundamentals such as networking concepts, cloud computing, application development, and security best practices.
- Proficiency with Word, Excel, PowerPoint, JIRA, SharePoint.
- Experience with GRC and risk management platforms such as Prevalent and TruOps is desired.
Soft Skills
- Strong work ethic with attention to detail and demonstrated analytical abilities.
- Attention to detail, verbal and written communication, and initiative; able to apply constructive feedback to enhance managing risk.
- Strong presentation skills with the ability to articulate complex problems and solutions through concise and clear messaging.
- Self-motivated with excellent planning and organizational skills; and the ability to prioritize tasks to meet deadlines and effectively manage changing priorities.
- Professional customer orientation with a strong commitment to providing a high standard of customer satisfaction.
- Ability to deliver client-ready documentation and participate in relevant client meetings; able to work across teams effectively and efficiently.
- Working understanding of project management principles, processes, and documentation.
- Ability to collaborate with internal and external stakeholders.
Qualifications
- Bachelor's Degree in Information Technology, Computer Science, or equivalent.
- Minimum 5 years of relevant experience in a risk management role with at least 2 years of practical experience in Audit and Compliance.
- Industry standard certification such as CISA, CRISC, CISM, ARM, CISSP, ISO 27001, ISO 27005 is desired.
Hearst has been innovating for more than a century, leading with purpose, integrity and a culture of care, with a mission to inform audiences and improve lives.
The company's diverse portfolio includes global financial services leader Fitch Group; Hearst Health, a group of medical information and services businesses; Hearst Transportation, which includes CAMP Systems International, a major provider of software-as-a-service solutions for managing maintenance of jets and helicopters; ownership in cable television networks such as A&E, HISTORY, Lifetime and ESPN; 35 television stations; 24 daily and 52 weekly newspapers; digital services businesses; and more than 200 magazines around the world.
Hearst is always moving forward, investing in healthcare solutions to improve patient outcomes and technology that curbs emissions; providing vital analysis, data and software to the global financial services industry; delivering important service and investigative journalism; and inspiring audiences with sports and entertainment programming.
With a commitment to maintaining the highest quality in its products and services, Hearst is dedicated to serving the communities it operates in, both civically and philanthropically.
Hearst is an Equal Employment Opportunity employer. We do not discriminate in hiring on the basis of race, color, national origin, religion, creed, sex or gender, gender identity, gender expression, sexual orientation, age, physical or mental disability, military or veteran status, or any other characteristic protected by federal, state, or local law.
Security Risk Management Specialist
Posted today
Job Description
In security risk management we're looking to harness the power of industry best practice combined with driving new innovation on how we do security risk assessments and modelling. Our security risk management team is the primary owner of the strategy and practices of how we identify, track and reduce our security risk across everything we do. To support this we need to use industry best practices paired with emerging threat information to promote risk identification, quantification, impact analysis, and modelling to ultimately drive decision making.
In this role, you will help establish and execute a broad strategic vision for the security risk program at Canonical. You will not only work within the team but also cross-functionally with various teams across the organisation. The team contributes ideas and requirements for Canonical product security, improving the resilience and robustness of all Ubuntu customers and users subject to cyber attacks. Additionally, the team collaborates with our Organisational Learning and Development team to develop playbooks and facilitate security training across Canonical.
The security risk management team's mission is not only to secure Canonical, but also to contribute to the security of the wider open source ecosystem. They might share knowledge through public presentations and industry events, and share threat intelligence with the wider community or represent Canonical in sector-specific governance bodies.
What you will do in this role:
- Define Canonical's security risk management standards and playbooks
- Analyse and improve Canonical's security risk practices
- Evaluate, select and implement new security requirements, tools and practices
- Grow the presence and thought leadership of Canonical security risk management practice
- Develop Canonical security risk learning and development materials
- Work with Security leadership to present information and influence change
- Participate in developing key risk indicators, provide inputs to the development of key control indicators, and key performance indicators for various programs
- Apply statistical models to risk frameworks (such as FAIR, sensitivity analysis, and others)
- Participate in risk management, decision-making, and collaborative discussions
- Lead quantified risk assessments and understand the value of qualitative data for improvements to quality and engineering processes
- Interpret internal or external cyber security risk analyses in business terms and recommend a responsible course of action
- Develop templates and materials to help with self-service risk management actions
- Monitor and identify opportunities to improve the effectiveness of risk management processes
- Launch campaigns to perform security assessments and help mitigate security risks across the company
- Build evaluation methods and performance indicators to measure efficiency of security functions and capabilities.
What we are looking for
- An exceptional academic track record
- Undergraduate degree in Computer Science or STEM, or a compelling narrative about your alternative path
- Drive and a track record of going above-and-beyond expectations
- Deep personal motivation to be at the forefront of technology security
- Leadership and management ability
- Excellent business English writing and presentation skills
- Problem-solver with excellent communication skills, a deep technical understanding of security assessments and risk management
- Expertise in threat modelling and risk management frameworks
- Broad knowledge of how to operationalize the management of security risk
- Experience in Secure Development Lifecycle and Security by Design methodology
What we offer you
We consider geographical location, experience, and performance in shaping compensation worldwide. We revisit compensation annually (and more often for graduates and associates) to ensure we recognise outstanding performance. In addition to base pay, we offer a performance-driven annual bonus. We provide all team members with additional benefits, which reflect our values and ideals. We balance our programs to meet local needs and ensure fairness globally.
- Distributed work environment with twice-yearly team sprints in person
- Personal learning and development budget of USD 2,000 per year
- Annual compensation review
- Recognition rewards
- Annual holiday leave
- Maternity and paternity leave
- Employee Assistance Programme
- Opportunity to travel to new locations to meet colleagues
- Priority Pass, and travel upgrades for long haul company events
About Canonical
Canonical is a pioneering tech firm at the forefront of the global move to open source. As the company that publishes Ubuntu, one of the most important open source projects and the platform for AI, IoT and the cloud, we are changing the world on a daily basis. We recruit on a global basis and set a very high standard for people joining the company.
We expect excellence - in order to succeed, we need to be the best at what we do. Canonical has been a remote-first company since its inception in 2004. Working here is a step into the future, and will challenge you to think differently, work smarter, learn new skills, and raise your game.
Canonical is an equal opportunity employer
We are proud to foster a workplace free from discrimination. Diversity of experience, perspectives, and background create a better work environment and better products. Whatever your identity, we will give your application fair consideration.
- Seniority level: Entry level
- Employment type: Full-time
- Job function: Finance and Sales
- Industries: Software Development
Director Security Risk Management
Posted today
Job Description
Contract: Charlotte, North Carolina, US
Salary Range: 50.00 - 80.00 | Per Hour
Job Code: 363591
End Date: 2025-08-10
Days Left: 20 days, 3 hours left
Day To Day Responsibilities:
- Build and implement a scalable risk framework covering fraud, credit, and operational risk
- Lead a team of 3-5 existing Risk Operations professionals; eventually build and manage a dedicated Risk Analytics team
- Collaborate with a third-party risk vendor to implement a comprehensive risk roadmap
- Drive automation initiatives for high-priority manual workflows
- Create and enforce policies to mitigate fraud losses, credit defaults, and ensure regulatory compliance
- Oversee adoption of tools and platforms for real-time risk monitoring and mitigation
- Partner cross-functionally with leaders in product, engineering, compliance, and finance
- Ensure preparedness for compliance with regulatory standards: KYC, AML, data privacy, etc.
- 10+ years of risk leadership experience within fintech, payments, or financial services
- Demonstrated success building and scaling risk teams and frameworks in startup or growth-stage environments
- Deep knowledge of payments risk, fraud prevention, credit risk modeling, and compliance
- Strong analytical background with exposure to risk analytics platforms
- Excellent communication and executive presence, able to align senior leadership on risk priorities
- Familiarity with Stripe or similar payments platforms
- Experience with machine learning or data science for risk modeling
- Background in consulting or fractional executive roles
- Exposure to international risk standards and cross-border compliance
- $60 to $80
- fraud
- credit
- operational risk
- automation
- regulatory
- Recruiter
- Phone
- Tushar Jadhav