Information Security Risk Assessor Lead

1 month ago


Columbus, United States The Ladders Full time
Information Security Risk Assessor Lead is responsible for the assessment, verification, review, and audit of technology controls and/or business process controls across the enterprise related to GLBA Appendix B (Information Security Risk Assessment) and Authentication and Access to Systems and Services leveraging the provided FDIC Guidance. The Assessor will be responsible for risk assessments which will require review and evaluation of IT and/or business systems and processes. Additionally, the Assessor will assist with 3rd party and 4th party vendor risks, evaluation of control deficiencies, and recommendation on remediation efforts consistent with IT organizational policies, standards, procedures, and regulatory requirements.

Essential Functions
• Execute compliance reviews; facilitate remediation planning, exposure tracking, and risk communication in accordance with regulatory frameworks (e.g., FDIC Guidance) as needed
• Provide security architecture knowledge and design concepts by partnering with the Enterprise Risk function to help manage technology related risk
• Provide technical expertise to support the Vendor Management Team with 3rd and 4th party supply-chain security and risk assessments, audits, tests, and verification activities, and when appropriate make recommendations to mitigate risk
• Apply or recommend adaptive security requirements and/or measurements based on investigative findings and threat monitoring, including performing security risk assessments before changes occur in the production environment to ensure the changes do not violate regulatory requirements
• Assess systems of various scope and complexity to obtain, review, and interpret evidence provided to validate that controls are performed effectively, with a primary focus on regulatory prescribed compliance when required. Interpret regulatory requirements into easy-to-understand language for constituents
• Conduct and lead assessment interviews and tests to identify technology control gaps that introduce risk to the organization
• Execute and assist management with IT audits and regulatory compliance requirements as needed
• Build out the development of risk assessments, risk mitigation, and performance reporting by working within the IT function and with other partners within the business
• Participate as the liaison between Enterprise Risk and Information Technology/Information Security to improve the overall ability to identify operational risk, with a focus on continuous control monitoring and emerging cyber security threats

Additional Essential Functions
• Ensure compliance with Northwest's policies and procedures, and Federal/State regulations
• Navigate Microsoft Office Software, computer applications, and software specific to the department in order to maximize technology tools and gain efficiency
• Work as part of a team
• Work with on-site equipment

Safety and Health for those without supervisory duties
• Abide by the rules of the safety and loss prevention program
• Perform work tasks in a safe manner
• Report any and all injuries to supervisor
• Know what to do in case of an emergency

QUALIFICATIONS
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Education
Technical Degree Information/Cyber Security or Risk Management Or
Associate's Degree Information/Cyber Security or Risk Management Or
Bachelor's Degree Information/Cyber Security or Risk Management

Work Experience
2 - 6 years Direct PCI Assessor Experience
2 - 6 years General IT Functional Experience

General Employee Knowledge, Skills, and Abilities
• Ability to establish effective working relationships among team members and participate in solving problems and making decisions
• Ability to present and express ideas and information clearly and concisely in a manner appropriate to the audience, whether oral or written
• Ability to actively listen to what others are saying to achieve understanding, sharing information with others and facilitating the open exchange of ideas and information
• Ability to establish courses of action for self to accomplish specific goals, develop and use tracking systems for monitoring own work progress, and effectively use resources such as time and information
• Ability to make right decisions based on perceptive and analytical processes, practicing good judgment in gray areas

Additional Knowledge, Skills and Abilities
• Assesses systems security requirements by studying business requirements, conducting system security and vulnerability analyses and risk assessments, and studying architecture/platform
• Perform risk assessments and execute tests of data processing systems to ensure functioning of data processing activities and security measures
• Subject Matter Expert in FFIEC IT Handbook, GLBA 501B, and Authentication and Access risks
• Knowledge of best practices for security architecture and design
• Ability to assess cybersecurity controls and technology configurations
• Ability to build, update, and maintain a global policy governance framework
• Experience and ability to build, manage, and update controls related to policies, standards, FDIC requirements, and other frameworks as business needs dictate

Licenses and Certifications
Certification in Information Security such as Security +, CISSP, CISA, etc. Upon Hire
CISA Upon Hire

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)
