Principal – AI Technology Risk

About The Position

Requirements

• Education and experience typically obtained through completion of a bachelor’s degree in computer science, Information Technology, Cyber Security, or related field.
• Typically 15 or more years of progressive related information technology or information security work experience with various types of information security-related technologies. including firewalls, IDS, vulnerability management, anti-virus, data loss prevention, two factor authentication, and VPN.
• 3 or more years of experience with the security, regulatory, and privacy controls environment, and security governance, regulatory landscape, risk assessment, and risk management principles and techniques.
• Demonstrated advanced level experience with network security design and protection, application development, application security issues, operating system security, hardening standards and protection mechanisms.
• Strong technical knowledge in the area of security tools, application security design and architecture; secure network design and architecture, server security, and workstation security.
• Ability to articulate the practical and technical application of the following standards: (ISO, PCI and NIST/FISMA)
• Strong understanding and experience with Information technology systems and processes, network infrastructure, data architecture, data processes, protocols, and auditing and monitoring processes.
• Strong understanding and experience with Cyber and cloud security standard frameworks, architecture, design, operations, controls, technology, solutions, and service orchestration.
• Experience evaluating process and configurations for compliance with policies and regulations.
• Respected subject matter expert with high level of integrity, effective interpersonal and communication skills, and executive presence.
• Strong experience developing and tracking information security related KPIs and KRIs.
• Background and drug screen.

Nice To Haves

• Expertise in ISO 27002, PCI DSS 3.2 or current, NIST 800-53a, SIG, FFIEC handbooks, SOC2 Type II, GLBA, FCRA, NYDFS, data privacy.
• Certification in one of CISA, CISM, CISSP, CCSP, CRISC, GSNA, CGIH, or equivalent
• Project or Process management experience.

Responsibilities

• Create and manage the operating model for identifying and resolving security risks and posture drift.
• Lead initiatives and strategies in support of the Security Posture Management program.
• Own ensuring that business goals and risks are adequately addressed; collaborate and consult with enterprise cross-functional teams to maintain continuous awareness of the enterprise’s Security Posture and identify improvement opportunities.
• Establish effective working relationships across the enterprise to foster a strong risk culture by supporting stakeholders in owning and managing their risks and controls.
• Ensure controls are successfully designed and implemented to meet Compliance requirements and business objectives.
• Manage relationships cross-functionally to integrate alignment with organizational strategies while addressing risk management needs.
• Review new processes from a control's perspective.
• Consult with process owners to design and implement new controls.
• Improve risk and control environment by providing subject matter technical expertise on enhancing the design and effectiveness of Security’s control program while aligning with compliance and technical needs.
• Develop, execute, and present the risk reporting framework ensure risk mitigation activities are performed timely.
• Select appropriate metrics (KRI/KPI’s) to monitor adequacy and effectiveness of the control environment.
• Monitor remediation efforts to closure, including review of supporting evidence.
• Develop and enhance documentation and reporting standards to support oversight of the enterprise’s Security Posture and ensure consistent execution and coverage across the enterprise supported through a stakeholder-approved policy-driven governance program.
• Supports the company's commitment to risk management and protecting the integrity and confidentiality of systems and data.

Benefits

• Healthcare Coverage – Competitive medical (PPO/HDHP), dental, and vision plans as well as company contributions to your Health Savings Account (HSA) or pre-tax savings through flexible spending accounts (FSA) for commuting, health & dependent care expenses.
• 401(k) Retirement Plan – Featuring a 100% Company Safe Harbor Match on your first 6% deferral immediately upon eligibility.
• Paid Time Off – Flexible Time Off for Exempt (salaried) employees, as well as generous PTO for Non-Exempt (hourly) employees, plus 11 paid company holidays and a paid volunteer day.
• 12 weeks of Paid Parental Leave
• Maven Family Planning – provides support through your Parenting journey including egg freezing, fertility, adoption, surrogacy, pregnancy, postpartum, early pediatrics, and returning to work.