Manager, Information Security Risk Management

Hearst
Charlotte, NC
113d
$135,000 - $150,000

About The Position

The Hearst Technology, Inc. Information Security Office seeks a Manager, Information Security Risk Management. The Manager, Information Security Risk Management is responsible for assessing risk and managing risk information for the organization and key business units. This position assesses information security risk within essential technology functions, key business processes, and documentation, and collaborates with key business leaders to assist in reducing risk and maturing the overall control environment. This position will also support Audit and Compliance functions within Hearst, focusing on PCI and HIPAA.

Team Alignment: Governance, Risk, and Compliance (GRC) Team. The GRC Team is multi-faceted and focuses on driving business value. Our mission is to establish an integrated program that ensures the overall effectiveness of capabilities that impact information security across business units globally.

Requirements

  • Bachelor's Degree in Information Technology, Computer Science, or equivalent.
  • Minimum 5 years of relevant experience in a risk management role with at least 2 years of practical experience in Audit and Compliance.
  • Experience with IT governance, risk, and compliance management in a large global environment.
  • Experience conducting risk assessments and managing risk across departments and functions.
  • Strong foundation in PCI and HIPAA compliance requirements and testing.
  • Familiarity with an integrated risk management platform.
  • Familiarity with security frameworks, particularly NIST and COBIT Cybersecurity Frameworks and HITRUST.
  • Basic understanding and knowledge of technical fundamentals such as networking concepts, cloud computing, application development, and security best practices.
  • Proficiency with Word, Excel, PowerPoint, JIRA, SharePoint.

Nice To Haves

  • Experience with GRC and risk management platforms such as Prevalent and TruOps.
  • Industry standard certification such as CISA, CRISC, CISM, ARM, CISSP, ISO 27001, ISO 27005.

Responsibilities

  • Perform security risk reviews, risk assessments and gap assessments on key business processes and new and existing technologies.
  • Work with various business units to ensure controls are adequate, appropriate, and effective and that mitigation and remediation plans are in place.
  • Maintain the IT risk register and risk dashboard, keeping risks and their response plans up to date.
  • Prepare detailed recurring risk management reports with associated metrics.
  • Support the implementation of a risk program including enhancing processes supporting accountability, exception requests, and overall risk reduction in accordance with NIST and COBIT Cybersecurity frameworks.
  • Support vendor due-diligence process and help define overall third-party risk management efforts.
  • Support risk-focused governance entities such as forums and steering committees.
  • Support internal and external audit processes for relevant compliance areas including NIST CSF, NIST 800-53, PCI-DSS, HIPAA, SOX, and other external and internal requirements.
  • Support key capabilities and processes across the GRC function in support of the Hearst Information Security Office using an Agile methodology approach.
  • Work collaboratively with regional and global partners in other functional units.
  • Design and implement improvements in risk-related documentation.

Benefits

  • Medical insurance
  • Dental insurance
  • Vision insurance
  • Disability insurance
  • Life insurance
  • 401(k)
  • Paid holidays
  • Paid time off
  • Employee assistance programs

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Industry

Publishing Industries

Education Level

Bachelor's degree
