Role:

As an Enterprise Security Risk Manager in BSWH, you will be part of a team who is assessing and managing the portfolio’s Third Party Information Security Risk across the organization. As part of your team, you will be responsible for supporting the Service Provider Technology Risk related initiatives and assessments, including core assessments of a Service Provider logical controls, Cloud environments, Web and Mobile applications. The ideal candidate should; have a good understanding of regulations that governs this space, be well versed in risk assessments, risk analysis, and have the ability in helping counterparts manage risk.

Job Summary & Responsibilities:

Support the Technology Risk Advisory function by understanding the business needs and helping to shape the Third Party Technology Risk strategy, be part of a team that assess risk and work with business units to manage risk portfolios.

Qualifications - External

RESPONSIBILITIES AND QUALIFICATIONS:

• Have a good understanding of regulations that governs this space
• Be well versed in risk assessments and a demonstrated ability in helping counterparts manage risk
• Have in the past worked with legal to develop on an ongoing basis, review information security contractual requirements.
• Understanding of well recognized risk management frameworks and a proven track record of implementation.
• Working knowledge of regulatory landscape and information security management frameworks (e.g., HIPAA, HITECH, PCI; NIST, ISO 27000/27001).
• Good understanding of information security controls, along with preferred and alternative implementations.
• Have a technical knowledge of network infrastructure, cyber security risks, web, mobile application, and cloud environment.
• Have a clear understanding of technology risk’s role in that process.
• 5 + years of relevant work experience

Preferred Qualifications

• Proficient verbal and written communication skills
• Bachelor of Science in Computer Science, System/Computer Engineering, Cyber-Security, Information Security, Information Technology or Risk Management is preferred
• Prior experience in network security.
• Prior experience in conducting risk assessments and audits
• One or more of the following Certificates (Highly desirable): CISSP, CISA, CRISC, CISM.