Search Jobs

Let SyllogisTeks help you find a rewarding position in IT.


Director Security Risk Management

  • Profession: Director Security Risk Management
  • City: St. Louis
  • State: MO
  • Zip Code: 63144
  • Status: Open
  • Term: Contract To Hire
  • Job Id: 13956

Description:

Director Security Risk Management, Clayton location

RESPONSIBILITIES:

  • Develop a comprehensive and cohesive vendor cyber-security risk management program, including continuous improvement and maturation in the management of cyber-security related vendor risks
  • Design and conduct security risk assessments of third-party services
  • Evaluate and report to management on the security posture of possible M&A targets
  • Conduct risk assessments of Operating Companies
  • Develop and use a reporting framework to show the cyber-risk of each Operating Company
  • Maintain a security profile on critical vendor services
  • Communicate to management, through reports, presentations, metrics and other documentation, the cyber-security risks to Post that each vendor brings when we use their services
  • Track, monitor, audit and report on vendor's anomalies and/or breaches of security and report to management on potential impact to Post and its business units
  • Work with vendors to coordinate and conduct external assessment & penetration testing exercises of their services
  • Consult with vendors to define remediation requirements found from assessments
  • Validate that vulnerabilities have been correctly mitigated or remediated
  • Determine the relevance and risk of emerging threats across our environment
  • Develop and maintain threat models of each vendor

Problem Solving:

  • Objectively assess the impact, likelihood, velocity, and magnitude of identified risks
  • Objectively advise on any number of technical controls that will mitigate risk while not imposing undue burden on those who must implement the controls
  • Mediate differing perspectives on risks between a variety of Technology Division stakeholders
  • Drive objectivity and build consensus among stakeholders with widely divergent perspectives and drivers
  • Rapidly analyze complex technical details
  • Synthesize detailed analysis into a "big picture" view that can be easily understood by non-technical stakeholders to support risk-based decision-making for management

Decision Making:

  • Determines when exceptions, exemptions, and invocation of the risk adjudication process are merited
  • Determines and approves risk treatment decisions
  • Determines ranges of controls when risk mitigation is desired
  • Determines methods, instrumentation, training, documentation, and processes
  • Develops solutions for automating and streamlining InfoSec risk management practices
  • Establishes the cyber-security risk management program, policies, standards, and procedures

Working Relationships:

  • Works regularly with vendors: their Business and IT management
  • Communicates regularly with I.T. management and security staffs across all business units
  • Regularly develops and presents findings and assessments to senior I.T. and Business Management
  • Communicates regularly with cross-functional peers, including Compliance, Internal Audit, IT Procurement, Legal and business unit leadership
  • Interacts occasionally with industry peers, standards organizations, solution providers, etc.

REQUIREMENTS:

  • Experience in Information Security and Risk Management
  • Experience in working with industry-based information security and/or control frameworks (NIST Cyber Security Framework, ISO 27002, CobIT, etc.)
  • Knowledge of various risk and threat assessment models (e.g. DREAD, STRIDE, FAIR)
  • Professional certification in InfoSec or Risk Management (such as CRISC, CISM, CISSP, CGEIT, CISA)
  • Able to communicate technical issues to non-technical people
  • BA or BS degree in Information Security, Cyber Security, Computer Science or related field or commensurate experience
  • 7+ years' experience working in Information Security
  • 10+ years' experience working in IT

 
