What are the responsibilities and job description for the Principal Information Security Governance & Risk Management position at System One?
ALTA IT Services is a wholly owned subsidiary of System One, a leading provider of specialized workforce solutions and integrated services. ALTA is an established leader in IT Staffing and Services, for both government and commercial enterprises across the United States, specializing in Program & Project Management, Application Development, Cybersecurity, Data & Advanced Analytics, and Agile Transformation Services.
Principal Information Security Governance & Risk Management
Hybrid in Vienna, VA
Contract
Description:
The Principal, Information Security Governance & Risk Management supports the client’s Information Security Division in effectively managing the Enterprise’s Information Security risks and overall program. Responsible for the strategy, management and the overall execution of first line of defense information security risk management and governance activities at the enterprise. This role will collaborate with Sr. leaders across the enterprise to identify, mitigate and manage information security risks. Uses extensive industry and real-world experience to lead information security governance and risk management activities, developing pragmatic solutions to address gaps in line with established risk appetites. Ensure information security governance and risk management activities align with strategic business initiatives, achieve business and quality objectives, mitigate risk and enhance operating procedures. Develop dashboards, metrics and reporting data to provide consultative guidance during monthly and quarterly governance committees. Promote operational efficiency and service excellence through appropriate risk controls, process improvements and training while reducing and mitigating financial losses.
Responsibilities:
• Lead the Information Security Program Risk Assessment.
• Develop and lead a comprehensive Information Security Program Maturity Assessment and Risk
Assessment initiatives in line with the enterprise goals and regulatory expectations.
• Ensure the effective identification, mitigation and management of information security risks arising
from business activities. In addition, provide guidance and advice to senior management on the
status of their control environment related to standards compliance, risk identification and control
issues. Identify critical areas to monitor and escalate issues and findings to appropriate
stakeholders and governance committees.
• As applicable, articulate implications of risks and issues related to data management and protection
to sponsors and risk owners and, if necessary, assist with security exceptions or issue management
• Translate control deficiencies into action plans and provide recommendations to enhance
governance practices in alignment with risk and compliance frameworks.
Qualifications and Education Requirements:
• Bachelor's degree in Information Systems, Computer Science, Engineering, Business, Mathematics,
Economics, or related field, or the equivalent combination of education, training and experience
• A minimum of 12-15 years of experience leading risk and/or compliance related activities in
financial services or other relevant industry, especially Operational Risk Programs
• Deep knowledge and practical experience implementing NIST CSF in a medium to large financial
institution.
• Extensive knowledge of industry leading risk management frameworks such as COSO, COBIT, NIST
CSF, ITIL)
• Working knowledge of the MITRE attack framework
• Extensive experience in the development of risk management frameworks along with the requisite
implementation
• Advanced knowledge of information technology systems, project processes, and application
development
Desired Qualifications and Education Requirements:
• Prior experience developing, implementing, and or assessing an information security program for a
medium to large financial institution.
• Prior experience implementing and/or assessing NIST Cybersecurity Framework (CSF) in a medium
to large financial institution.
• Graduate education in Business, Cyber/Information Security Risk, Information Systems, Computer
Science, Engineering, Quantitative discipline or related field
• Professional certifications including, but not limited to any of the following: FRM, PRM, CISA, CISM,
CISSP, CGEIT, CRISC, CFE, CPA, CIA, CIPP, ISA, AWS and etc.
Principal Information Security Governance & Risk Management
Hybrid in Vienna, VA
Contract
Description:
The Principal, Information Security Governance & Risk Management supports the client’s Information Security Division in effectively managing the Enterprise’s Information Security risks and overall program. Responsible for the strategy, management and the overall execution of first line of defense information security risk management and governance activities at the enterprise. This role will collaborate with Sr. leaders across the enterprise to identify, mitigate and manage information security risks. Uses extensive industry and real-world experience to lead information security governance and risk management activities, developing pragmatic solutions to address gaps in line with established risk appetites. Ensure information security governance and risk management activities align with strategic business initiatives, achieve business and quality objectives, mitigate risk and enhance operating procedures. Develop dashboards, metrics and reporting data to provide consultative guidance during monthly and quarterly governance committees. Promote operational efficiency and service excellence through appropriate risk controls, process improvements and training while reducing and mitigating financial losses.
Responsibilities:
• Lead the Information Security Program Risk Assessment.
• Develop and lead a comprehensive Information Security Program Maturity Assessment and Risk
Assessment initiatives in line with the enterprise goals and regulatory expectations.
• Ensure the effective identification, mitigation and management of information security risks arising
from business activities. In addition, provide guidance and advice to senior management on the
status of their control environment related to standards compliance, risk identification and control
issues. Identify critical areas to monitor and escalate issues and findings to appropriate
stakeholders and governance committees.
• As applicable, articulate implications of risks and issues related to data management and protection
to sponsors and risk owners and, if necessary, assist with security exceptions or issue management
• Translate control deficiencies into action plans and provide recommendations to enhance
governance practices in alignment with risk and compliance frameworks.
Qualifications and Education Requirements:
• Bachelor's degree in Information Systems, Computer Science, Engineering, Business, Mathematics,
Economics, or related field, or the equivalent combination of education, training and experience
• A minimum of 12-15 years of experience leading risk and/or compliance related activities in
financial services or other relevant industry, especially Operational Risk Programs
• Deep knowledge and practical experience implementing NIST CSF in a medium to large financial
institution.
• Extensive knowledge of industry leading risk management frameworks such as COSO, COBIT, NIST
CSF, ITIL)
• Working knowledge of the MITRE attack framework
• Extensive experience in the development of risk management frameworks along with the requisite
implementation
• Advanced knowledge of information technology systems, project processes, and application
development
Desired Qualifications and Education Requirements:
• Prior experience developing, implementing, and or assessing an information security program for a
medium to large financial institution.
• Prior experience implementing and/or assessing NIST Cybersecurity Framework (CSF) in a medium
to large financial institution.
• Graduate education in Business, Cyber/Information Security Risk, Information Systems, Computer
Science, Engineering, Quantitative discipline or related field
• Professional certifications including, but not limited to any of the following: FRM, PRM, CISA, CISM,
CISSP, CGEIT, CRISC, CFE, CPA, CIA, CIPP, ISA, AWS and etc.
