Sr. Manager, Security Risk Analyst IV

Marriott Vacations Worldwide
2d

About The Position

The Sr. Manager, Security Risk Analyst IV is responsible for developing and implementing strategies to ensure the security of the organization's information systems and technology assets. The role focuses on safeguarding our organization's digital assets and maintaining a strong security posture. The ideal candidate will provide thought leadership in identifying, analyzing, and addressing security risks, contributing to a comprehensive risk management strategy. In addition to executing risk assessments, this role involves managing the risk register, supporting the risk exception process, and developing key metrics to communicate the organization’s risk posture effectively. The individual will collaborate with cross-functional teams to integrate risk management practices into business and technology processes while driving continuous improvement of GRC programs.

Requirements

  • Bachelor’s degree in an IT field preferred, or a related field or equivalent work experience.
  • At least 6 years of progressive experience in relevant information security positions.
  • Five years in a technical audit, security compliance, or equivalent role.
  • In-depth understanding of security frameworks (NIST, ISO 27001, CIS), regulatory requirements, and industry standards.
  • In-depth understanding of security risk assessment methodologies, vulnerability management, and threat modeling.
  • Familiarity with database management systems (SQL, NoSQL) and data modeling.
  • Familiarity with workflow design, basic development, and API integration functionality.
  • Experience with GRC tools.
  • Knowledge of networking concepts, major operating systems, and cloud computing environments.
  • General working understanding of web application and network technologies, programming languages, databases, Linux, Unix, Mac OSX, and Windows operating systems.
  • Advanced understanding and knowledge of security principles, standards, and processes, such as authentication and access control, secure configuration, network traffic analysis, endpoint security, platform architecture, application security, encryption and key management, cloud security, etc.
  • Ability to work effectively, independent of assistance or supervision.

Nice To Haves

  • Advanced security certification preferred. Examples include CISSP, CISM, CRISC, CISA, CGEIT.

Responsibilities

  • Collaborate with IT leadership to align security strategies with business goals and objectives.
  • Lead and perform risk assessments across internal systems, third-party relationships, and technology initiatives to identify, evaluate, and mitigate security risks.
  • Provide guidance and oversight on security risk assessment projects, ensuring alignment with industry best practices and company policies.
  • Utilize software applications and tools that facilitate governance, risk assessment, and compliance management. These solutions may include risk assessment systems, compliance tracking platforms, and reporting dashboards.
  • Continuously evaluates cybersecurity controls to ensure effectiveness, compliance, and adherence to key controls and policies, and drives remediation efforts.
  • Develops and manages the organization’s risk register, ensuring risks are tracked, categorized, and addressed appropriately.
  • Contributes to the design and implementation of GRC tools and processes to enhance the automation and scalability of risk management workflows.
  • Provides strategic guidance and thought leadership on risk management best practices, ensuring alignment with frameworks such as NIST, ISO 27001, and CIS.
  • Develops and monitors KPIs and metrics to report the organization’s risk posture to stakeholders, including senior leadership.
  • Works closely with legal, compliance, and regulatory teams to ensure adherence to relevant industry standards, regulations, and data protection requirements.
  • Develops and maintains technical security configuration standards.
  • Develops and communicates security policies, standards, and procedures to ensure consistent security practices throughout the organization.
  • Stays up to date with relevant regulations, standards, and industry best practices.
  • Develops and mentors more junior staff on technical skills and risk assessments to constantly improve performance of the team.
  • Coordinates and participates in security audits and assessments and manages responses to findings.

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Number of Employees

5,001-10,000 employees
