System One Services Manager, IT Security Risk in Houston, Texas
Manager, IT Security Risk, Houston, TX
Compensation Range: 30.00 - 40.00 Per Hour
IT Security Risk Manager
Houston, TX 77019
Pay Rate: $30.00-40.00/HR
Job Type: Temp-Hire
System One is seeking an IT Security Risk Manager responsible for assisting with the operational activities of the Cyber Risk Management and Governance Program. The IT Security Risk Manager will identify IT risk and work with appropriate stakeholders to complete remediation activities.
Third Party Risk Management
Work with business units and third parties to evaluate the risk of vendor relationships.
Perform risk assessments on third parties and translate IT risks into business risks.
Translate cyber risk into business risks and communicate this to business units.
Document identified risks and follow up on remediation activities through completion.
Application Security Assessments
Assist in the development of an application security assessment program.
Perform application security assessments on both internal and external applications.
Document risks associated with internal and external applications.
Manage the remediation activities associated with applications.
Supports internal and external audits, control reviews, risk assessments, and reporting as required.
Tracks and manages action plans for the resolution of issues identified during assessment and audits. Performs analysis and reporting of compliance gaps.
Will assist in the implementation of action plans as well as provide compliance support to projects in order to improve performance of IT controls.
Collects and performs data analysis to ensure compliance with IT controls. Generates and distributes security compliance metrics.
SOX Control Review
Complete required SOX controls within the required time frame.
Work with other departments within IT to obtain the required evidence for SOX controls.
Perform analysis on SOX control evidence to ensure all controls have been performed according to the requirements.
Work with both internal and external auditors to provide evidence of compliance.
Identify information system vulnerabilities through automatic and manual means.
Prioritize vulnerabilities based on the risk to SCI information systems and data.
Follow up on remediation activities to ensure identified risks are mitigated.
Assist in preparation of metrics and reporting for vulnerability management activities.
Security Awareness Training
Assist with the development of security awareness communications.
Assists with the execution of phishing email exercises.
Security Policies, Standards, and Procedures
Works with manager to maintain an up-to-date understanding of industry best practices or frameworks such as NIST CSF, ISO, HIPAA, PCI, etc.
Benchmarks with IS risk management practices of other companies.
Assist with the development of cyber security policies, standards, and procedures.
Assist with the annual review of cyber security policies and provide input for improvements.
Security Incident Response
Assist with responses to cyber security incidents such as malware detections and malicious activities.
Respond to security escalations received from the Security Operations Center (SOC).
Research security incidents, document findings, and provide remediation activities.
Utilize in-house security tools when researching security incidents (IPS, Antivirus Management Console, etc.)
Manage the cyber security queue in the IT ticketing system.
Participate in a rotating on-call schedule to respond to after-hours incidents.
Knowledge, Skills & Abilities:
Demonstrated ability to envision and integrate various security technologies and controls into a cohesive architecture that sufficiently mitigates risk to the organization.
Proven ability to author strategic security roadmaps and translate into execution plans to drive desired outcomes.
Ability to communicate clearly and effectively with technical and business stakeholders.
Excellent verbal and written communication skills including the ability to author and present materials ranging from detailed technical specifications to high-level presentations.
Solid problem solving and analytical skills; able to quickly digest issue/problem encountered and recommend an appropriate solution.
Solid data analytic skills required to correlate multiple data points.
Advanced Computer Skills - Microsoft Office: Advanced in Excel (Pivot tables, VLOOKUPs), Visio, or ACL/Access (not required, but preferred)
Bachelor’s degree in Information Systems, Business or related program preferred.
Industry certifications highly preferred (ISSP, SSCP, CISM, CISA, CCSP).
Strong working knowledge of information systems security standards and practices.
Three (3) years’ experience in Information Security with a focus on Risk Management
Experience working with outsourced providers in the delivery of IT Security services
Experience working with law enforcement, industry groups and other forums to stay abreast of new developments and to gain knowledge of best practices
Core / Critical Competencies
Demonstrates a Commitment to Service Excellence through Trustworthiness and Integrity
Acts within and upholds the Code of Conduct and Dignity Promise Standards while demonstrating corporate values.
Is trusted by others; keeps commitments to others.