Information Security Risk Manager

Company: Technology Consulting, Inc.
Location: Louisville
Posted on: November 15, 2024

Job Description:

TCI has an immediate need for an Information Security (IS) Risk Manager in Louisville KY or Washington D.C. area. This not a C2C opportunity. This is a 3-6 month contract opportunity with possible extensions.

Applying for this role is straight forward Scroll down and click on Apply to be considered for this position.

SUMMARY

The I.S. Risk Manager is tasked to protect information assets. This role is a core function of the broader Information Security team and is tasked with continually improving the security posture of the company through providing security-related guidance, developing and assessing compliance with security policies and standards, executing the security risk management approach, and evangelizing security matters throughout the company. The Information Security Risk Manager will manage a program to identify, classify, remediate, and mitigate security risks and vulnerabilities throughout the company. Key duties to include: Continually seek to improve the firm's security risk assessment methodology Perform risk assessments of business processes, security controls, and technology architecture based upon industry standard requirements Mature the firm's IT and Security Risk Program while enhancing underlying risk registers, security questionnaires and surveys to aid in the effective execution of risk assessments Communicate and mature security metrics Recommend security controls and/or corrective actions for mitigating technical and business risks Manage projects and enhance solutions that result from assessment findings and recommendations Research, identify, and consult with subject-matter experts to recommend risk mitigating solutions Support the security awareness program to improve overall security maturity across the firm Manage and maintain exceptions to the firm's established policies, standards and industry norms Develop trend reporting to identify areas of focus and risk concentration Manage and enhance the firm's security policies











REQUIREMENTS 5+ years of experience across IT, Information Security, Risk Management, and/or Program Management domains. 2 + years of experience working for large scale enterprise (1,000+ employees). 2+ years of experience in risk management and security governance. Solid working knowledge of established risk and security control frameworks ISO 27001 and/or NIST. Ability to communicate information about the vision and direction of our information security program to firm leadership. Must be able to communicate clearly and effectively with people from all levels. Strong verbal and written communication skills, including the ability to translate risk management concepts into business language.







PREFERRED EXPERIENCE Information Security certifications preferred (CISSP, CISA, CRISC, etc.)

Keywords: Technology Consulting, Inc., Owensboro , Information Security Risk Manager, Executive , Louisville, Kentucky