Overview
Information Security Risk Lead Jobs in Raleigh, North Carolina, USA at Ryder System
Title: Information Security Risk Lead
Company: Ryder System
Location: Raleigh, North Carolina, USA
Type: Full Time
Category: IT/Tech, Security
Summary
The Information Security Risk Lead is responsible for the oversight and execution of the company’s Information Security function, as it relates to the design, development, implementation, and monitoring of the Information Security Risk Management program. Additionally, this role will lead the maturation and evolution of the risk management tools and methods, and ensure comprehensive reporting of all security risks.
The Information Security Risk Lead will work across the security team to promote awareness of the risk management program and desired risk culture. The position requires a diverse background to understand a variety of systems, including new technologies and legacy systems considered business critical.
Essential Functions
Lead the execution and maturation of the information security risk management program
Perform targeted risk assessments to identify and report on strengths and weaknesses in the program as they relate to privacy, security, business resiliency and compliance frameworks
Manage and oversee the implementation and maintenance of an Enterprise GRC tool
Work effectively with leads across the Information Security team to assist with identifying, measuring, and planning remedial action plans for information security risks
Document and maintain workflows and design documents and procedures to identify gaps in risk posture and risk acceptability based on controls
Create and present risk posture and recommendations to Information Security leadership
Perform ad-hoc assessments, analysis, and reports as needed to support the team’s needs
Additional Responsibilities
Foster and maintain good relationships with business partners and colleagues to meet expected service levels.
Research and recommend new tools and technologies to gain efficiencies and enable functionalities.
Deliver schedule milestones on-time to ensure project/program objectives are met.
Performs other duties as assigned.
Skills and Abilities
Track record of acting with integrity, taking pride in work, seeking to excel and being curious and flexible.
Strong written and oral communication skills across varying levels of the organization.
Understanding of service design, delivery concepts and control frameworks.
Organized, with the ability to prioritize and complete tasks within defined SLAs.
Excellent judgment and the ability to make quick decisions when working with complex situations.
High degree of integrity, trustworthiness and confidence; represents the company and its management team with the highest level of professionalism.
Qualifications
Bachelor’s degree required in Information Security, Information Technology, Management Information Systems
Master’s degree preferred in Information Security, Information Technology, Management Information Systems
Seven (7) years or more experience with technology risks and controls and deploying information governance, information technology risk management, compliance, information security, or privacy programs required
Seven (7) years or more experience with cyber security and information security program management and frameworks (e.g. NIST CSF, ISO/IEC 27000, etc.) required
Exposure to and familiarity with relevant standards such as ISO/IEC 27000 family – Information Security Management Systems, NIST Cybersecurity Framework, NIST 800, and applicable laws related to regulatory compliance, information security and privacy (e.g. SOX, HIPAA, GDPR, PCI-DSS) intermediate required
…