Risk Manager
Diverse Lynx | New York | www.resume-library.com
Role: Risk Manager
Location: New York City, NY (Onsite)
Full-time
Technical/Functional Skills
Skill: Risk Manager
Must have:
Function as a Subject Matter Expert on IT internal controls across several IT risk domains (e.g., access control, change management, cryptography, secure network design), including risk assessment and analysis.
Experience with third-party vendor management programs.
Experience reviewing SSAE18, SOC 2, HITRUST, SIG and CAIQ reports.
Understanding of application and network security; should understand penetration testing and scan reports.
Certifications such as CISA or CISSP are good to have.
Third Party Vendor Management, GRC, Internal Audits (Information Security).
Responsibilities:
Should be able to independently perform information security audits and assessments on third-party vendors, depending upon the vendor type and criticality.
Contribute to governance and facilitate remediation recommendations for related risks, deficiencies, gaps or issues; advise on identifying alternative compensating controls where compliance requirements cannot be met.
Document and present overall residual risk to higher management for approvals and risk acceptances.
Interact with vendors, business and multiple stakeholders to assess, explain and remediate the risks identified.
Support key reporting activities associated with key functions.
Perform ad hoc IT risk analysis and reporting.