Information Security Risk Lead for Ryder Systems in Helena, Montana (see listing for salary info (UCF)

Summary

The Information Security Risk Lead is responsible for the oversight and execution of the company’s Information Security function, as it relates to the design, development, implementation, and monitoring of the Information Security Risk Management program. Additionally, this role will lead the maturation and evolution of the risk management tools and methods, as well as ensuring comprehensive reporting of all security risks. The Information Security Risk Lead will work across the security team to promote awareness of the risk management program and desired risk culture. The position requires a diverse background to understand a variety of systems, including new technologies and legacy systems considered business critical.

Essential Functions

• Lead the execution and maturation of the information security risk management program

• Perform targeted risk assessments to identify and report on strengths and weaknesses in the program as they relate to privacy, security, business resiliency and compliance frameworks

• Manage and oversee the implementation and maintenance of an Enterprise GRC tool

• Work effectively with leads across the Information Security team to assist with identifying, measuring, and planning remedial action plans for information security risks

• Document and maintain workflows and design documents and procedures to identify gaps in risk posture and risk acceptability based on controls

• Create and present risk posture and recommendations to Information Security leadership

• Perform ad-hoc assessments, analysis, and reports as needed to support the team’s needs

Additional Responsibilities

• Foster and maintain good relationships with business partners and colleagues to meet expected service levels.

• Research and recommend new tools and technologies to gain efficiencies and enable functionalities.

• Deliver schedule milestones on-time to ensure project/program objectives are met.

• Performs other duties as assigned.

Skills and Abilities

• Track record of acting with integrity, taking pride in work, seeking to excel and being curious and flexible.

• Strong written and oral communication skills across varying levels of the organization.

• Understanding of service design, delivery concepts and control frameworks.

• Organized, with the ability to prioritize and complete tasks within defined SLAs.

• Excellent judgment and the ability to make quick decisions when working with complex situations.

• High degree of integrity, trustworthiness and confidence; represents the company and its management team with the highest level of professionalism

Qualifications

• Bachelor's degree required Information Security, Information Technology, Management Information Systems

• Master's degree preferred Information Security, Information Technology, Management Information Systems

• Seven (7) years or more Experience with technology risks and controls and deploying information governance, information technology risk management, compliance, information security, or privacy programs required

• Seven (7) years or more Experience with cyber security and information security program management and frameworks (e.g. NIST CSF, ISO/IEC 27000, etc.) required

• Exposure to and familiarity with relevant standards such as ISO/IEC 27000 family - Information Security Management Systems, NIST Cybersecurity Framework, NIST 800, and applicable laws related to regulatory compliance, information security and privacy (e.g. SOX, HIPAA, GDPR, PCI-DSS) intermediate required

• Knowledge of information security risk management and IT controls frameworks and methodologies (e.g. ISO/IEC 27005, COBIT, OCTAVE) intermediate required

• Knowledge of Risk Management Principles (risk avoidance, transfer, mitigation, acceptance), Risk Assessment process intermediate required

• Knowledge of Cloud Security - Cloud Control Matrix (CCM), Consensus Assessment Questionnaire (CAIQ) intermediate required

• Knowledge of Common Controls Hub - Unified Compliance Framework (UCF) intermediate preferred

• Knowledge of Standardized Information Gathering (SIG) Questionnaire intermediate preferred

• Knowledge of AICPA SOC for Service Organizations intermediate preferred

• Other Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), or Certified in Risk and Information Systems Control (CRISC) or Certified Cloud Security Professional (CCSP) credentials or International Association of Privacy Professionals (IAPP)

Travel: 1-10%

For more Info.: https://hubs.la/Q02_Ft020