Security Risk Management, VP / Denver, CO

BlackRock | Denver, CO
1d | $148,000 - $200,000 | Hybrid

About The Position

Join our global team of cyber security experts, protecting our business and developing exciting capabilities on the frontline of cyber defense. The Cyber Governance team is responsible for delivering a coordinated, integrated approach to cybersecurity policy, risk, and compliance management within the Information Security organization. Operating as a first-line risk function, the team partners with internal and external stakeholders to manage security policies, assess risks, and ensure alignment with regulatory requirements. We are looking for a person with 5+ years of Information Security experience, performing governance, risk and compliance management for large Financial Services firms, or 4+ years in a related consulting role. This role will support the governance and oversight of the BlackRock Information Security program, ensuring alignment with regulatory expectations and internal policies, and influencing the management of cybersecurity risks across the organization. BlackRock is committed to building great Cyber Security careers for our people, and we are looking for an individual with a passion for cyber security defense to continue the growth of our exceptional team.

Requirements

  • Strong documentation and process-oriented background with leading and managing complex Technology projects.
  • Detail-oriented with a strong sense of accountability and follow-through.
  • Ability to proactively take initiative on assigned projects and tasks, and to anticipate risks, identify gaps, and suggest enhancements before issues escalate.
  • Excellent prioritization capabilities, with an aptitude for breaking down work into manageable parts, effectively assessing the priority and time required to complete each part.
  • Ability to effectively influence others to account for the plans and collaborative behaviors for results.
  • Ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative, and actionable manner.
  • Ability to identify and assess cybersecurity threats, risks and controls to cost-effectively mitigate risks.
  • Strong decision-making abilities.
  • Ability to react to high-pressure, dynamically changing environments.
  • Ability to manage multiple priorities and stakeholders in a fast-paced environment, and to pay attention to sources of information from inside and outside one’s network within an organization.
  • Ability to apply original and innovative thinking to produce new ideas and create innovative products, solutions, or approaches.
  • Disciplined with interpersonal skills to work well in a global environment, complementing teams in multiple remote locations.
  • BS in MIS, Computer Science, Information Security, or a related field
  • 5+ years in Information Security.
  • 3+ years of experience in information security governance, risk and compliance management.
  • 3+ years of experience with developing and maintaining information security program documentation, including creating and maintaining information security policies and standards.
  • Working knowledge of information security management frameworks (e.g., NIST Cybersecurity Framework (CSF), ISO/IEC 27001, COBIT, CIS Controls, etc.)
  • Experience with cybersecurity metrics and KRI development
  • Experience with developing senior management and executive-level communications
  • Proficiency in Microsoft Office Suite (Excel, Word, PowerPoint, Outlook).

Nice To Haves

  • Experience in a regulated industry (e.g., finance, healthcare, etc.) is highly desirable.
  • Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), and/or Certified Information Systems Auditor (CISA) preferred.
  • Experience with GRC platforms (e.g., ServiceNow, Archer, etc.) is a plus.

Responsibilities

  • Assist in the development, maintenance and communication of information security policies, standards, and procedures.
  • Support internal risk assessments and continuous controls monitoring activities.
  • Maintain a framework with key cybersecurity controls and evidence owned by Information Security personnel.
  • Facilitate testing of control design and effectiveness.
  • Engage with global SMEs to update and maintain the control/evidence framework, and to develop test steps.
  • Facilitate program assessments, audits and regulatory reviews, and provide documentation and evidence as needed.
  • Develop presentations and materials for senior and executive management, Boards, and regulators.
  • Maintain a global resource with all regional presentations to boards, committees and regulators.
  • Support regulatory developments, including monitoring new regulations, and preparing actions for new regulatory requirements.
  • Support the development and maintenance of cybersecurity metrics and key risk indicators (KRIs).
  • Track and report on cybersecurity risk issues, including identified findings from audits, program assessments, and regulatory reviews.
  • Identify potential areas of improvement, and engage in process/control improvements of the Information Security program, in any area where enhancements are needed or appropriate.
  • Stay informed on emerging cyber threats, regulatory changes, and industry best practices.
  • Maintain strong working relationships with individuals and groups involved in managing information risks across the organization.
  • Maintain and update information security-related program documents (e.g., Information Security Program Overview, Risk Management handbook, roles and responsibilities matrices, etc.) as needed.

Benefits

  • employees are eligible for an annual discretionary bonus, and benefits including healthcare, leave benefits, and retirement benefits
  • strong retirement plan
  • tuition reimbursement
  • comprehensive healthcare
  • support for working parents
  • Flexible Time Off (FTO)