Chief Information Security Risk Evaluator

2 weeks ago


Columbus, Ohio, United States Northwest LLC Full time


The Lead Information Security Risk Assessor plays a crucial role in evaluating, validating, and auditing technology and business process controls across the organization. This position focuses on compliance with regulatory standards, particularly those outlined in GLBA Appendix B, which pertains to Information Security Risk Assessment and Access Control to Systems and Services, guided by FDIC recommendations.

The Assessor is tasked with conducting comprehensive risk evaluations that involve scrutinizing IT and business systems and processes.

Moreover, this role includes managing risks associated with third-party and fourth-party vendors, assessing control weaknesses, and providing remediation recommendations that align with organizational policies, standards, and regulatory mandates.


Key Responsibilities

  • Conduct compliance assessments; facilitate remediation strategies, monitor exposure, and communicate risks in accordance with applicable regulatory frameworks.
  • Offer expertise in security architecture and design by collaborating with the Enterprise Risk function to effectively manage technology-related risks.
  • Support the Vendor Management Team with security and risk assessments of third- and fourth-party suppliers, conducting audits, tests, and verification activities, while making risk mitigation recommendations as necessary.
  • Implement or suggest adaptive security requirements based on investigative outcomes and threat monitoring, ensuring security risk assessments are performed prior to any production environment changes to maintain regulatory compliance.
  • Evaluate systems of varying complexity to gather, analyze, and interpret evidence, ensuring effective control performance with a primary focus on regulatory compliance.
  • Lead assessment interviews and testing to identify technology control deficiencies that may pose risks to the organization.
  • Assist management with IT audits and regulatory compliance as required.
  • Develop risk assessments, mitigation strategies, and performance reporting in collaboration with the IT function and other business partners.
  • Act as a liaison between Enterprise Risk and Information Technology/Information Security to enhance the organization's capability to identify operational risks, focusing on continuous control monitoring and emerging cybersecurity threats.

Additional Responsibilities

  • Ensure adherence to Northwest's policies and procedures, as well as Federal and State regulations.
  • Utilize Microsoft Office and departmental software applications to maximize efficiency.
  • Collaborate effectively as part of a team.
  • Engage with on-site equipment as necessary.

Safety and Health Responsibilities

  • Comply with safety and loss prevention protocols.
  • Perform tasks safely and responsibly.
  • Report any injuries to a supervisor immediately.
  • Be prepared for emergency situations.

Qualifications
To succeed in this role, candidates must demonstrate the ability to fulfill each essential duty satisfactorily. The following qualifications are representative of the knowledge, skills, and abilities required. Reasonable accommodations may be made for individuals with disabilities to perform essential functions.

Education
Technical Degree in Information/Cyber Security or Risk Management, or
Associate's Degree in Information/Cyber Security or Risk Management, or
Bachelor's Degree in Information/Cyber Security or Risk Management.

Work Experience

  • 6 years of direct experience as a PCI Assessor.
  • 6 years of general IT functional experience.

General Knowledge, Skills, and Abilities

  • Ability to build effective working relationships within a team and contribute to problem-solving and decision-making.
  • Proficient in presenting ideas and information clearly and concisely, both orally and in writing.
  • Strong active listening skills to ensure understanding and facilitate open communication.
  • Capability to set actionable goals, develop tracking systems for monitoring progress, and utilize resources effectively.
  • Ability to make informed decisions based on analytical reasoning and sound judgment.

Additional Knowledge, Skills, and Abilities

  • Assess security requirements by analyzing business needs, conducting security and vulnerability assessments, and reviewing architecture/platform.
  • Conduct risk assessments and execute tests on data processing systems to ensure operational integrity and security measures.
  • Subject Matter Expert in FFIEC IT Handbook, GLBA 501B, and Authentication and Access risks.
  • Knowledge of best practices in security architecture and design.
  • Ability to evaluate cybersecurity controls and technology configurations.
  • Experience in developing, managing, and updating policies, standards, and compliance frameworks as business needs evolve.

Licenses and Certifications
Certification in Information Security (e.g., Security+, CISSP, CISA) is required upon hire.
CISA certification is required upon hire.

Northwest LLC is an Equal Opportunity Employer, committed to providing equal employment opportunities to all individuals, including protected veterans and individuals with disabilities.
