Job Description
Accumulus is seeking a Security Assurance Risk Manager. This will be a key role on the Security team, reporting to the Director of Security Assurance.
The Security Assurance Risk Manager is responsible for identifying, assessing, and managing security risks across the organization. Key tasks include performing annual and third-party security risk assessments, developing and implementing risk management strategies, and ensuring compliance with industry standards. The role involves maintaining the Risk Register, providing security risk reports, and managing documentation related to security programs.
Collaboration and training are also vital, involving integration of risk management practices across departments, regular reviews and updates of risk frameworks, and mentoring team members on risk management principles.
Responsibilities
Risk Identification and Assessment:
- Identify, assess, and manage security risks across the organization.
- Perform annual security risk assessments, business impact assessments, and critical systems assessments.
- Own and conduct third-party security risk assessments.
- Triage and manage new or changing security requirements, security issues, and potential risks from third parties, customers, or external sources.
Risk Management and Mitigation:
- Develop and manage the operational security risk management program.
- Develop and implement risk management strategies.
- Support the implementation of controls to mitigate risks to an acceptable level.
- Monitor the threat landscape and adjust risk management practices accordingly.
- Ensure compliance with industry standards and regulations.
Documentation and Reporting:
- Own and maintain the Risk Register.
- Provide comprehensive security risk reports to management.
- Maintain documentation, including handbook pages, policies, standards, procedures, and runbooks related to Security Risk programs.
Collaboration and Training:
- Collaborate with other departments to integrate risk management practices into overall business processes.
- Conduct regular reviews and updates of risk management frameworks and practices.
- Train and mentor team members on risk management practices and principles.
Qualifications
- At least 5 years of experience conducting security and risk management activities for regulated markets
- Detailed experience with common risk management standards and models such as: ISO 31000, NIST 800-39
- Demonstrated experience with security control frameworks such as: SOC 2, ISO, NIST
- Detailed understanding of security risk within cloud-native technology stacks