Senior Principal Engineer, IT Security

Hyderabad, India

Job Overview

Seeking a highly skilled and experienced Sr. Principal - Information Security Risk Management to join our Information Security department. The incumbent will work with relevant stakeholders to design and establish processes for security risk management (identification, analysis, issue management and the reporting of risks) for all IT risks that span the organization’s technology footprint holistically. This role will support IT Risk Management with oversight of all IT system/component level risks. 

Responsibilities

- Strategic Development: Contribute and assist with the ongoing development and maintenance of the IT Risk Management strategy and framework, including the education of stakeholders on risk-related matters.

- Governance: Assist with establishing risk management program adherence requirements and monitoring to ensure the program is executed within policy and standards and in compliance with industry standards expectations.

- Risk Identification and Assessment: Lead comprehensive IT risk identification, top-down risk assessments, targeted risk and the development of Key Risk Indicators (KRIs).

- Risk Advisory: Provide real-time risk advisory services, offering immediate guidance on IT risk scenarios and effective risk measurement strategies.

- Assessment (Technical & Business Processes): Collaborate with the lines of business teams to evaluate potential risk and trends, assessing their impact on business operations and communicating the significance to stakeholders.

- Issue Management: Apply strategic thinking to ensure continuous development and ongoing maturation of the Issue Management program. Analyze issue data to identify thematic issues and emerging trends, and develop risk mitigation strategies and action plans in collaboration with relevant stakeholders and business units.

- Risk Reporting: Establish, monitor, and report on KPIs/KRIs to senior leadership/management. Conduct regular reviews and analysis of performance metrics to identify areas for improvement and drive corrective & preventive actions.

- Training and Development: Assist with advancing the company's risk culture and Risk Management Program knowledge through training, education, and awareness.

- Third Party Risk Management: Proactively manage the Third Party Risk Management outsourced service via the Managed Service Provider (MSP).

Qualifications

- 8+ years of relevant experience, including IT cybersecurity experience, with a broad background in IT, IT audit, and/or IT risk.

- Proven experience in IT Risk Management, with a strong emphasis on Cybersecurity Risk Management.

- CISA, CISSP, CISM, CRISC or other related IT security certifications are preferred, including cloud platform certification.

- In-depth knowledge of IT frameworks (e.g., NIST CSF, CIS, ISO 27K/31K, and COSO).

- Ability to discern and measure business-relevant risk from IT cybersecurity risks and issues, and to identify remediation strategy options.

- Excellent communication skills, with the ability to articulate complex risk scenarios to diverse audiences.

- Proven ability to operate independently and thrive in a dynamic, fast-paced setting.

- Proficient in MS Office suite with the ability to create executive-level documentation.

- Experience with GRC platform tools (e.g., Archer, ServiceNow, LogicGate, etc.).

Tags: Audits CISA CISM CISSP Cloud Compliance CRISC Governance ISO 27000 Monitoring NIST Risk assessment Risk management Strategy

Region: Asia/Pacific
Country: India
