IT Security Lead - Risk Management

About The Position

Requirements

• Bachelor’s degree in computer science, Information Systems, Information Technology; equivalent experience may be considered in lieu of a degree
• 5+ years of information security experience
• 3+ years supporting governance, risk, and compliance functions
• Strong understanding of project and operational execution in complex environments, with a hands-on, delivery-focused approach
• Strong knowledge of security controls, data classification, regulatory requirements, and privacy standards, including working knowledge of ISO 27001
• Excellent analytical, documentation, and problem-solving skills, with the ability to translate risks into clear, actionable controls and audit evidence
• Proven ability to build trust and work effectively across a highly matrixed, global organization, engaging stakeholders with varying levels of technical expertise
• Proven ability to manage multiple priorities with strong attention to detail
• Excellent communication, organizational, and interpersonal skills
• Self-starter with curiosity and a continuous improvement mindset
• Service-oriented professional with high personal standards and accountability
• Working knowledge of AI governance, responsible AI principles, and emerging regulatory considerations, with the ability to translate evolving risks into practical security and compliance frameworks
• Experience supporting business continuity, disaster recovery, or operational resilience initiatives from a security or compliance perspective
• Demonstrated ability to distinguish between mandatory security requirements and best practices, and clearly articulate that distinction

Nice To Haves

• Ability to travel up to 10%, domestically

Responsibilities

• Maintain strong awareness of evolving security standards, regulatory requirements, and industry best practices, and assess their impact on organizational risk posture and compliance obligations.
• Enable effective governance and audit readiness for Business Continuity and Disaster Recovery (BCP/DR) controls, aligned with information security, incident response, and compliance requirements.
• Identify opportunities to align security and compliance initiatives with strategic business programs (e.g., digital transformation, AI adoption, operational resilience), ensuring security is embedded as a business enabler rather than a constraint.
• Provide governance support for AI and machine‑learning capabilities by maintaining and evolving security, governance, and responsible‑AI policies aligned to enterprise objectives; executing AI security and risk assessments to identify control gaps and emerging risks; coordinating with Legal, Privacy, and business stakeholders to ensure alignment with regulatory, ethical, and compliance expectations; and continuously monitoring regulatory developments, industry trends, and emerging risks to inform and strengthen governance practices.
• Support enterprise cybersecurity governance and compliance efforts, including development and maintenance of information security policies, standards, procedures, and ISO 27001 ISMS documentation.
• Perform compliance and assurance activities, including internal control reviews and external audit coordination.
• Perform information security risk assessments in accordance with the cybersecurity risk framework.
• Identify control gaps, weaknesses, and emerging risks, document findings clearly and consistently.
• Support risk owners with analysis, impact statements, and documentation.
• Track and report risk remediation activities and status.
• Execute third‑party security assessments aligned with vendor risk management processes.
• Document vendor risks, control gaps, and remediation actions.
• Maintain vendor risk documentation and audit evidence.
• Draft, review, and maintain information security policies, standards, procedures, and guidelines.
• Ensure policies align with ISO 27001, regulatory requirements, and internal governance standards.
• Perform ongoing control testing and monitoring activities.
• Track audit findings, remediation activities, and evidence closure.
• Collaborate with cross‑functional partners to support security and compliance requirements.
• Partner with Internal Controls, Internal Audit, and external auditors to provide evidence, documentation, and subject matter expertise.
• Engage with application and system owners to assess control effectiveness and document risk posture.
• Communicate findings clearly, distinguishing between required controls and best‑practice recommendations.
• Prepare accurate, well‑articulated reports on ISMS status, assessment results, and compliance metrics.
• Support documentation, publication, and communication of approved policy and control changes.
• Promote a culture of accountability, transparency, and continuous improvement within information security.
• Support security awareness activities related to policy understanding and adherence.
• Mentor and coach team members to build information security knowledge, risk awareness, and governance capabilities.
• Share knowledge with a broader audience through training sessions, forums, and cross‑functional engagements on information security topics.
• Proactively communicate security expectations, emerging risks, and best practices to drive awareness and adoption across the organization.
• Identify opportunities to improve documentation quality, assessment consistency, and governance processes while enabling team learning and growth.