This job listing expired on Nov 8, 2021

The Director of Information Security Risk Management will strengthen T2’s ability to manage information security risk across various areas of the business. He/she will identify and assess potential information security risks and recommend mitigation to help risk owners reduce the risk to an acceptable level. Creating awareness and educating stakeholders at various levels about this process is a key part of the role. The Dir. of Information Security Risk will also play an integral part in building out and refining the overall risk program, in addition to key strategic enterprise initiatives involving multiple business units.

Responsibilities

  • Identify, document, and communicate information security risks associated with T2 data stored, processed, or transmitted through 3rd party information systems and applications
  • Develop and refine security practices to ensure a balance between productivity and risk, in support of a diverse array of business services and IT applications
  • Manage T2 Information Security policies and standards, coordinating with stakeholders as needed
  • Manage and mentor Information Security Risk personnel, charting a path for individual growth in line with the InfoSec Risk Mgmt. program
  • Work closely with a broad array of stakeholders, from fellow IT Risk and Security leadership, legal and audit representatives, vendors, executives, and clients to meet T2 Information Security objectives
  • Influence tactical and strategic direction of the Information Security risk management program, especially as it relates to emerging risk management requirements
  • Formulate and own pivotal initiatives which provide further transparency into cyber-risk and help drive mitigation

Qualifications

  • 5+ years of experience working in Information Security Risk Management
  • 2+ years of experience managing people and wanting to see them succeed
  • 4-year bachelor's degree in relevant field
  • Be able to effectively communicate, influence, and negotiate with company leadership at all levels
  • Be able to develop and nurture balanced relationships
  • Direct experience managing one or more of the following:
      • IT risk identification and assessment
      • Control design and implementation
      • Vendor (information security) risk assessments
      • Policy development
      • Data classification initiative
  • Possess and maintain fundamental IT and InfoSec technical knowledge, particularly as it relates to cyber-risk
  • Experience managing consultants and third-party resources
  • Be able to establish a risk assessment methodology that is flexible enough to meet the needs of an evolving business but incorporates principles from mature pre-existing frameworks
  • Flexible, adapting to company culture and individual behavior
  • Fluency in verbal and written English
  • Ability to maintain positivity in times of difficulty or conflict
  • Proactive, self-motivated, and hands-on when needed