Principal, Cybersecurity Risk

Fidelity Investments, Jersey City, NJ

About The Position

The Enterprise Cybersecurity Risk (ECS Cyber Risk) team is seeking an experienced Principal-level risk professional to lead in the creation of cyber risk analysis pertaining to ECS. The candidate will understand current and emerging cybersecurity risks and determine key risk scenarios for the ECS Product Areas. The candidate will participate in risk / threat modeling sessions to prioritize top risks. The candidate will advise on both exceptions and audit finding risk levels to drive down the number of exceptions and accurately risk rate audit findings. The candidate will quantify cyber risk and present analyses at the technical and executive level that will allow senior management to make informed decisions based on resulting risk data.

Requirements

  • Minimum 3-5 years of risk experience quantifying cyber risk scenarios and presenting data in a meaningful and insightful way to senior leaders.
  • Demonstrated experience in cybersecurity risk management, assessment frameworks, and metrics reporting.
  • Experience managing projects end-to-end, from initial stages of acquiring data from multiple sources and subject matter experts to the tracking, maintenance, and closure of a project, with proven ability to integrate data into risk analysis tools and communicate progress effectively across multiple lines and levels.
  • Use and understanding of governance, risk, and compliance tools.
  • Advanced understanding of NIST 800-53 Cybersecurity Framework, Cybersecurity Risk Institute (CRI), and FAIR
  • Effective communication and excellent presentation skills to senior leaders.
  • Ability to deep dive into metrics that will both (1) quantify the work being done and (2) quantify how cyber risk position has improved.
  • Critical thinking skills to ask detailed questions and fully vet answers, uncovering discrepancies and gaps others may not have found, are a must.
  • Ability to work across business lines to influence change and help mitigate cyber risk.
  • Intermediate understanding of risks pertaining to the following: cloud security, access controls, encryption, vendor security, data exfiltration, application security, perimeter security, customer protection, privileged access, denial of service, unpatched vulnerabilities, and end of life software.
  • Ability to operate in a fast-paced environment and complete analyses quickly and accurately, integrating new cybersecurity data into risk models as it emerges.
  • Possess an investigator mindset to deep dive into metrics to understand and communicate actionable risk to business and technology groups.

Nice To Haves

  • CRISC, CISSP, or CISM certifications are preferred.

Responsibilities

  • Determining the appropriate controls for cybersecurity risks
  • Working with asset inventory and asset management
  • Evaluating multiple sources, reports, and industry trends to compare risk-related findings to existing ECS policies and uncover gaps and opportunities for process improvement.
  • Determining what, who, and where changes are warranted to close gaps, working with appropriate contacts to draft policy enhancements, ensuring continued progress.

Benefits

  • Comprehensive health care coverage and emotional well-being support
  • Market-leading retirement
  • Generous paid time off and parental leave
  • Charitable giving employee match program
  • Educational assistance including student loan repayment, tuition reimbursement, and learning resources to develop your career.