Information Risk Management Senior Consultant

About The Position

Requirements

• Minimum 5 years of experience in Information Risk management: vendor risk management, project risk management, IT audit or IT controls assessment.
• Bachelor's degree or equivalent
• Proven ability to quickly and easily adapt to changes within the business and organization
• Ability to build and maintain strong relationships across teams and stakeholders
• Ability to work in a fast-paced environment.
• Ability to balance competing demands with minimal management direction/support.
• Effective communication, presentation, negotiation and influencing skills
• Strong presentation and facilitation skills for diverse audiences.
• Should have excellent time management and organizational skills to handle multiple tasks and changing priorities.
• Familiarity with laws and standards frameworks (e.g., NIST, ISO27001, GDPR, Sarbanes-Oxley, EU AI Act).

Nice To Haves

• Relevant professional designations (e.g., CISSP, CRISC, CISM, CISA) are a plus.

Responsibilities

• Acts as a liaison and trusted partner for all information security activities in the business unit, ensuring balance between the needs of the business/IT and leading security practices.
• Supports security and risk initiatives to instill cybersecurity policies and practices throughout business units.
• Collaborate with cross functional teams to ensure cybersecurity and IT controls are embedded in all new initiatives and communicates the impact to relevant stakeholders.
• Participates in key initiatives and projects to ensure that cybersecurity and IT controls are accounted for early within the project and software development lifecycles for respective business unis.
• Performs comprehensive information risk assessments of On-Prem, IAAS, PAAS, SAAS and generative AI projects, identifying and mitigating risks associated with the solutions.
• Ensure compliance with the global Information Risk Assessment methodology, policies, and standards.
• Maintains up-to-date knowledge related to cybersecurity threats, vulnerabilities and mitigations set forth to reduce the attack surface; circulate this knowledge through the business units.
• Develops and implements risk management strategies across business unit.
• Provides security consulting services to the Business and IT partners.
• Tracks and manages identified information risk issues and associated corrective action plans (CAPs), ensuring timely resolution and closure in alignment with governance requirements.
• Support operational security activities including segment specific security processes (e.g., incident response, vulnerability management, Firewall reviews).
• Respond to audits, regulatory reviews, risk and controls self-assessments.
• Provides training and advise key stakeholders on requirements, processes, standards, and best practices around information security and risk management.

Benefits

• health, dental, mental health, vision, short- and long-term disability, life and AD&D insurance coverage, adoption/surrogacy and wellness benefits, and employee/family assistance plans.
• various retirement savings plans (including pension and a global share ownership plan with employer matching contributions)
• financial education and counseling resources.
• holidays, vacation, personal, and sick days
• full range of statutory leaves of absence.