Info Security Risk Manager 2

Company: The Church of Jesus Christ Latter-Day Saints
Location: Riverton
Posted on: June 7, 2021

Job Description:

Posting Info

Posting Dates: 04/20/2021 - No Closing Date

Job Family: Information Technology

Department: Information and Communication Services Department

Purposes

Serve as an information security and IT risk advisor and subject matter expert to the business unit IT groups of the Church. This includes supporting and enabling the implementation of security programs and controls, advising on the risk implications of architecture and design decisions, and assisting with the design and validation of risk reduction efforts within the assigned group.

Information Security Risk Managers also participate as expert evaluators on a committee that identifies, documents and evaluates technology risks for the Church- so that policy, programs and strategic technology decisions can be informed by comprehensive and reliable assessment of risks.

Effective performance of these two purposes requires a combination of excellent relationship management skills and a broad and deep understanding of technology, business processes, and how they interplay in an enterprise to create and manage IT risk.

This individual works with divine guidance to provide or support technology that furthers the mission of the Church and reflects the eternal impact of the gospel.

Responsibilities

* Establishes and maintains a trusted advisor and partnership role with portfolio leaders and staff; is familiar with their objectives, needs and technical ecosystem * Provides information security subject-matter expertise to associated business and technical leaders * Assists business and technical leaders in understanding, prioritizing and reducing information security risk, including general workforce information protection and handling capabilities * Communicate risk and/or information security knowledge appropriately to a broad set of audiences, from knowledge workers to highly-technical engineering staff to executive-level leadership * Facilitate security program compliance and risk-grounded decision making through sound relationships, alignment with partners and professional influence skills * Perform and supervise risk assessments with solution, product and engineering leaders; both standardized assessments and specialized assessments of unique technologies, architectures and business technology plans * Evaluate adherence to and promote information security policies and standards; review compliance or assessment artifacts and deliverables for completeness and accuracy * Document critical security risk findings in support of fully-informed and proactive decision-making * Effectively communicate risk and urgency to technical leaders where immediate mitigation response for critical risks is needed * Coordinate security assessment findings and reports with management, engineers and customers * Coordinate application vulnerability and penetration tests; coordinate tests and evidence-gathering activities for solution security certification/compliance validation * Contribute to the development of information security programs, policies and procedures within the Church * Participate in the leadership of strategy and culture as a member of the extended leadership of the Information Security and Risk Division * Evaluate whether sensitive data handling systems and processes comply with Church policies and procedure

Qualifications

Education:

Bachelor's Degree in Information Systems, Information Technology or equivalent professional experience

Work Experience:

* 10+ years of experience in a core IT technology (e.g., software developer, network engineer, database engineer) where compliance activities or the identification of security risks or code defects were part of the work experience; plus, significant hands-on experience with commercial and open source security tools and products, penetration testing, analysis and project management * 1-2 years of experience in an information security, IT risk, or compliance-related role

Demonstrated Skills & Abilities:

* Conversant in the security and risk implications for common technical architectures and components. Ability to identify and assess likely security risks across technical domains like segmented enterprise networks, identity and access infrastructure, symmetric and asymmetric encryption technologies, cloud architectures, insider threats, endpoint protections, securing web applications, and privacy and regulatory * Ability to work individually and as part of a team with minimal supervision * Proven ability to conceptualize, analyze and communicate complex issues and concerns to both technical and non-technical managers and workers * Proven ability to develop, refine and follow processes * Must be familiar with security standards and best practices such as those specified by the payment card industry, ISO 27000, National Institute of Standards and Technology, Center for Internet Security * Excellent communication skills (both written and verbal) * This job operates in a professional office environment * To successfully perform the essential functions of the job there may be physical requirements which need to be met such as sitting for long periods of time and using computer monitors/equipment

Specific Degrees, Certifications, Licenses:

* CISSP certification (ISC2) or the ability to attain it with first year of employment * Prefer one or more of the following recognized IT security certifications: GCED, CISA, CISM, CRISC, CPISA, GWAPT, CIPP (Other technical certifications are also given consideration)

Worthiness Qualification

Must be a member of The Church of Jesus Christ of Latter-day Saints and currently temple worthy.

Posting Notice/More Info.

Please Note: All positions are subject to close without notice.

Find out more about the many benefits of Church Employment at http://careers.churchofjesuschrist.org.

Keywords: The Church of Jesus Christ Latter-Day Saints, Riverton , Info Security Risk Manager 2, Other , Riverton, Utah