Posted: Saturday, February 17, 2018 12:02 PM
SUMMARY: This position is responsible for assessing information risk and facilitates remediation of identified vulnerabilities for IT security and IT risk across the enterprise. Develops and maintains the organization's risk and policy management framework, processes, and procedures to ensure the company adheres to industry leading information technology and security management practices. Management of IT security and IT risk (eg, data systems, network and/or web) across the enterprise. Develop, implement and maintain IT policies, procedures and standards that meet existing and newly developed policy and regulatory requirements including SOX, PCI, and/or other regulatory guidance. Collaborate with Technology and Information Security departments to ensure that risk management practices satisfy information security, privacy and compliance requirements. Oversees corrective action plans for identified risks, compliance and other findings, and collaborate with cross-functional teams to implement and maintain any required safeguards and remedial measures. Coordinates with other areas to ensure delivery of training on Information Security policies and procedures to company employees. REQUIREMENTS: Education: Minimum 4-year degree (or equivalent experience) in computer science, engineering, information systems, security, or another other related discipline. Experience: Required skills/qualifications: Excellent verbal and written communication skills. Ability to react to high pressure dynamic changing environments. Strong analytical and problem-solving skills and the ability to "think-out-of-the-box". Leads development of Risk Management, Policy Management, and Governance best practices. Communicate and present concisely and effectively based on the appropriate level of management. Preferred Qualifications: 7-10 years IT security or information security experience with a proven ability to engage with Senior Management and regulators. 4+ years experience conducting IT compliance assessments (Sarbanes-Oxley, PCI, etc.). 4+ years experience in administering IT security controls in an organization. Knowledge of technical infrastructure, networks, databases and systems in relation to IT Security and IT Risk. Information Security related certification preferred (ie CRISC, CISSP, CISA, etc.). Role Specific Responsibilities: Responsibilities and duties include but are not limited to the following: Reference NIST SP 800-181. Work Role(s): SP-RSK-002, OV-TEA-001, OV-PMA-002. Travel: Some travel may be required; both domestic and international. Amount of travel will be determined by individual project requirements.
• Location: Fayetteville
• Post ID: 17681402 fayetteville