Cyber Security Communications and Risk Manager
Wilmington, DE, United States
CSC
A provider of Registered Agent, UCC search and filing, compliance and entity services, CSC helps Fortune 500 corporations do business better.
Monday-Friday, 8:00am-5:00pm EST
Remote Work Model (United States)
The Cyber Security Communications and Risk Manager is an essential role that assists our business with making risk-informed decisions. The position is responsible for supporting the security direction of the business and elevating the company’s security posture across multiple jurisdictions. The position requires an understanding of managing cyber risk in new technologies and legacy systems. The Cyber Security Communications and Risk Manager is responsible for leading security education and communication programs which enable CSC employees to embrace a culture of confidentiality by making informed risk-based decisions.
The ideal candidate has a strong IT security and risk management background, proven experience creating highly creative cyber security user awareness programs, including multi-channel communication strategies, and experience developing IT cyber security policies.
In tandem with security leadership, the Cyber Security Communications and Risk Manager consistently assesses, audits, and validates the assurance of the security program. As a primary point for IT risk management, the Cyber Security Communications and Risk Manager monitors progress and coordinates resolution of outstanding issues that may lead to non-compliance or security threats to the business using policies, risk registers and monitoring.
Essential Job Duties
- Identify the top human risks to CSC and develop and maintain a security communication and risk program that effectively changes these behaviors, so CSC employees act in a secure manner, reducing risk to our organization.
- Build relationships with global teams across businesses, jurisdictions, legal and the Second Line of Defense to promote effective management of technology risks and regulatory compliance.
- Manage a global IT risk management program, including IT risk assessments, as part of the First Line of Defense strategy.
- Document and maintain IT and information security policies, standards and guidelines in alignment with current regulatory requirements and business risk appetite.
- Engage with IT project teams to identify and mitigate cyber security risks and build solutions that maximize User Experience principles while also being compliant with global regulatory requirements.
- Create and manage a multi-channel information security awareness training program for all employees, contractors, internal board/management members and external third-party service providers.
- Conduct simulated email phishing exercises as part of a comprehensive security awareness program. Develop creative communication campaigns to raise user awareness about their role in information security.
Skills and Experience
- At least 6 years’ experience in IT cybersecurity, risk management and/or security awareness and training as a practitioner.
- Prior experience teaching and presenting to broad audiences using highly effective and engaging methods.
- Project management experience including planning, managing and maintaining a complex, organization-wide program.
- Exceptional written and verbal communication skills, and proven ability to translate security and risk to all levels of the business. Extensive knowledge and understanding of technology policies, standards, and guidelines. Understanding of global regulations and IT compliance.
- Knowledge of global technology laws, regulations and standards, including but not limited to PCI, SOX, FFIEC, GDPR, AIFMD, PSD2, EBA, ESMA, CSSF.
- Knowledge and understanding of audit standards and practices, and control frameworks (ISO, NIST, COSO, COBIT, CCM, etc.).
Education and Certification Requirements
- Bachelor’s degree in computer science, information assurance, MIS and/or education, journalism, communication or equivalent industry experience.
- Holds one or more security, audit or risk industry certifications such as: CISSP, CISM, CRISC, CISA, CIA, CIPP, CIPT, CIPM, CERA, CRM, GRCP, or GRCA.
CSC is a global business, legal, and financial services company based in Wilmington, Delaware, USA, providing knowledge-based solutions to clients worldwide. We have offices and capabilities in over 140 jurisdictions in the Americas, Europe, Asia Pacific, and the Middle East, and more than 8,000 colleagues. We are the business behind business.®
Visit our careers site to learn more about CSC and our commitment to our clients, communities, and each other.
CSC is committed to creating a feeling of belonging through a diverse and growth-oriented environment where everyone is valued.
CSC colleagues have global career opportunities and excellent benefits, including annual success-sharing bonuses or commission plans based on individual performance. To learn more, visit cscglobal.com/service/careers.
We offer a range of support to colleagues with disabilities, ensuring people have the necessary resources to thrive in their roles. We encourage candidates to work closely with our talent acquisition partners to convey their specific needs. Our commitment to accessibility reflects our broader dedication to diversity and belonging.
CSC only accepts resumes from employment agencies that are part of our approved supplier program. Resumes submitted from other agencies either to talent acquisition, our hiring leaders, employees, or through any other mechanism other than our supplier process, will not be eligible to claim related fees and the submitted resumes will be considered property of CSC.
We encourage candidates to apply directly to our website and not through third-party sources.
Disclaimer: The information above describes the general nature and level of work performed by employees in this role. It is not intended to describe all duties, responsibilities, and qualifications.