Job Information
Hogan Lovells Information Security Risk Manager in Washington, District Of Columbia
The Information Security Risk Manager will be responsible for maturing and maintaining the firm's Risk Management Program through the use of supporting GRC solutions, identifying and managing the risks surfaced by risk assessments, and communicating the firm's IT and cybersecurity risk posture to both internal and external stakeholders.
The ideal candidate will possess the skills necessary to develop and maintain the requisite inputs and outputs of the firm's risk management program on an ongoing basis, including:
- Maintaining the firm's IT / Security Risk Register and engaging with Privacy and ORM/ERM stakeholders to ensure alignment
- Developing mature, audience-appropriate metrics that convey the firm's risk posture
- Developing or leveraging existing risk assessment templates, security questionnaires and surveys to aid in the effective execution of risk assessments in support of the firm's relevant certifications
- Conducting targeted risk assessments to assess process maturity and impact to the organization
- Recommending security controls and/or corrective actions for mitigating technical and business risks
- Managing projects and enhancement solutions that result from assessment findings and recommendations
- Researching, identifying, and consulting with subject-matter experts to recommend risk mitigating solutions
- Managing and maintaining exceptions to the firm's established policies, standards and industry norms
- Developing trend reporting to identify areas of focus and risk concentration
- Maintaining the firm's security policies and standards while performing assurance activities to assess firm-wide compliance
- Continually seeking to improve the firm's security risk assessment methodology to make it more efficient and effective
- All members of the firm are encouraged to participate in our Global Responsible Business program
- Other duties as assigned
QUALIFICATIONS / REQUIRED SKILLS
- Working knowledge of established cybersecurity risk management concepts, control standards, technologies and frameworks (NIST RMF/CSF, ISO 27001:2022, ISO 27005:2022, etc.)
- General understanding of GRC and information security fundamentals and industry best practices related to the protection of information, such as exception handling, policy development and maintenance, and engagement with auditors in relation to these business processes
- Experience documenting business processes, policy and/or standards
- Proven track record of supporting, preferably managing, a Risk Management Program with supporting metrics and escalation strategies
- Ability to communicate information about the vision and direction of our information security program to firm leadership and business stakeholders
- Strong verbal and written communication skills, including the ability to translate risk management concepts into business language
- Must be able to communicate clearly and effectively with people from all levels of the firm while handling multiple priorities
- Must be highly organized and driven, work well with others, be process- and solutions-oriented, and have an absolute commitment to excellence and integrity
- Ability to visualize, plan, and execute on areas of process improvement that increase the efficiency and delivery of our security capabilities