Technical Risk Manager

TECHEAD is celebrating thirty-five years of incredible heritage, talent, and accomplishments!

To learn more about TECHEAD, visit us at TECHEAD.com or on Glassdoor.com.

Technical IT Risk Manager | 21070

Remote

Contract: 1 Year

No C2C Candidates

Responsibilities:

• Communicate IT Security risk policies and processes for the client's Information Security Program.
• Provide hands-on development of risk models, third-party risk assessments, security metrics, security documentation, and vendor management.
• Have excellent quantitative and analytical skills, along with the ability to apply those skills across multiple business processes.
• Create new policy and update existing policy. Retire policy.
• Create a POA&M and attach a Policy Exception to Remediate a POA&M
• Create Citation and Update Citation. Associate a Citation to a Control Objective(s)
• Generate Third-Party Risk Assessment and complete Assessment.

Requirements:

• Designing and implementing an overall risk management process for the organization.
• Minimum of 5 years of experience:
• Possess strong ServiceNow IRM platforms experience - Preferably with ServiceNow
• Dashboard and Reports - Create Dashboards and reports including custom dashboard. Also update existing reports.
• Performing a risk assessment for each IT application: Analyzing current risks and identifying potential risks that are affecting the organization.
• Performing a risk evaluation: Evaluating the organizations previous handling of risks, comparing potential risks and associated costs and legal req
• Create Risk Statement. Review and Approve Risk Statement. Map Risk Statements to Control Objectives. Associate a Risk Statement to an Entity and associate a Risk Statement to an Entity Type
• Be familiar with NIST 800-53 Controls.
• Familiar with GRC ArcherParticipating in new project initiation, enhancements, and other assigned projects.
• Perform accreditation and certification of IT applications.
• Perform vendor management and security assessments.
• Establishing the level of risk the organization are willing to accept.
• Risk reporting tailored to the relevant audience. (Educating the leadership team about the most significant risks to the business; ensuring business
• Explaining the external risk posed by corporate governance to stakeholders.
• Conducting policy and compliance audits, which will include liaising with internal and external auditors.
• Maintaining records of security documentation and artifacts for all IT applications.
• Perform vendor management and security assessments.
• Review Interoperability agreements, data sharing agreements, and/or Memorandum of Understandings for new or existing applications.
• Reviewing any new major contracts or internal business proposals.
• Building risk awareness amongst staff by providing support and training within the organization.
• Provide quarterly updates on risk assessments and audit recommendations/corrective action plans.

Education:

• Certified Information Systems Security Professional (CISSP),
• Certified Information Security Manager (CISM),
• Certified Information Systems Auditor (CIS | Desired | 1 Years | PREFERRED
• BS or BA degree in a Computer Science or a related technical discipline, five (5) or more years of relative experience or training.

TECHEAD provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a covered veteran in accordance with applicable federal, state and local laws governing non-discrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including, but not limited to, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.

For more information on TECHEAD please visit www.techead.com.