Job Summary: 

• Work closely with IT to identify, govern, and manage information security risks.
• Ensure the Information Risk Management framework is implemented effectively.
• Take ownership of key controls to maintain alignment with information security requirements.
• Ensure risk acceptances and mitigation plans are established with appropriate business sign-off and proactive risk governance.
• Support and provide reporting at both business and divisional levels, including risk aggregation.
• Identify and implement continuous improvement activities for risk management processes across the information security function.
• Establish and maintain strong relationships across the business and wider group.
• Collaborate effectively with the broader Information Security team.
• Advise, support, and challenge the implementation of people and premises security requirements.
• Identify data protection alerts requiring immediate attention and deploy corrective or preventive actions, including escalation and reporting.

Skills on Resume: 

• Information Security Governance (Hard Skills)
• Risk Management (Hard Skills)
• Control Implementation (Hard Skills)
• Regulatory Compliance (Hard Skills)
• Data Protection (Hard Skills)
• Relationship Building (Soft Skills)
• Collaboration (Soft Skills)
• Communication (Soft Skills)

Job Summary: 

• Assist in conducting assessments of third-party security controls.
• Respond to client inquiries on security practices and collaborate with internal stakeholders to ensure client needs are met.
• Support the risk assessment process for systems and products.
• Stay informed on applicable regulations and standards, including certification requirements.
• Evaluate security controls to ensure compliance with standards, policies, regulations, and contracts.
• Collaborate with external auditors and internal teams to complete security assessments and achieve annual compliance certifications.
• Provide analysis and drive continuous improvement of GRC tool capabilities through lifecycle management best practices.
• Integrate threat modeling, risk management, security tools, standards, and processes to support Information Security and other internal stakeholders.
• Assist in the development, execution, and maintenance of internal and external assessment plans, including HITRUST, HIPAA, and PCI DSS.
• Provide coordination and act as a technical SME in project meetings, security meetings, and various initiatives.
• Assist with special projects or assignments within other areas of Information Security.

Skills on Resume: 

• Third-Party Assessments (Hard Skills)
• Client Security Support (Soft Skills)
• Risk Assessment (Hard Skills)
• Regulatory Knowledge (Hard Skills)
• Compliance Evaluation (Hard Skills)
• Audit Collaboration (Soft Skills)
• GRC Tool Management (Hard Skills)
• Threat Modeling (Hard Skills)

Job Summary: 

• Assist the third-party risk management team in processing information related to vendors and partners to reduce risk to member and employee data.
• Initiate, monitor, process, and follow up on third-party information security vendor questionnaires for all in-scope relationships.
• Assemble relevant risk reporting for in-scope vendors.
• Support the third-party risk management team in achieving program goals as directed and trained.
• Support the risk identification and management process across the enterprise.
• Assess the adequacy of the security strategy and controls, evaluate threats to systems, and calculate the impact of potential adverse events on company assets.
• Perform continual risk assessments to address evolving threat profiles.
• Keep executive management informed of risk assessment results and provide recommendations for mitigations or projects to protect systems and minimize potential losses.
• Conduct projects related to compliance, control assurance, risk management, security, and infrastructure/information asset protection.
• Perform IT risk assessments for one or more IT functional areas across the enterprise.
• Develop security solutions for assignments of low to medium complexity.

Skills on Resume: 

• Third-Party Risk (Hard Skills)
• Vendor Assessment (Hard Skills)
• Risk Reporting (Hard Skills)
• Program Support (Soft Skills)
• Enterprise Risk (Hard Skills)
• Security Evaluation (Hard Skills)
• Executive Communication (Soft Skills)
• Solution Development (Hard Skills)

Job Summary: 

• Participate in third-party assessments and reviews.
• Understand and enforce general computing controls within third-party organizational structures.
• Communicate with third-party stakeholders and end users through multiple communication channels.
• Develop and maintain procedural documentation.
• Identify security administration deficiencies, recommend improvements, and assist with implementing corrective actions.
• Execute regular reporting on a daily, weekly, and monthly basis.
• Properly scope third-party organizational structures to apply necessary controls for assessment.
• Perform and manage control/risk assessments and remediation of identified findings in line with process documents.
• Ensure third-party compliance with business agreements, policies, procedures, and regulations, mapping controls to compliance requirements.
• Review third-party policies and procedures, internal and external assessment reports, and agreements, providing feedback.
• Prepare executive summaries with recommendations and guidance on remediation efforts and third-party disposition.

Skills on Resume: 

• Third-Party Assessments (Hard Skills)
• Computing Controls (Hard Skills)
• Stakeholder Communication (Soft Skills)
• Procedural Documentation (Hard Skills)
• Security Improvements (Hard Skills)
• Regular Reporting (Hard Skills)
• Control Assessments (Hard Skills)
• Compliance Review (Hard Skills)

Job Summary: 

• Assist with the development and ongoing management of the Cybersecurity Governance, Risk, and Compliance program.
• Maintain security standards, process documentation, and control objectives.
• Enhance and mature the information security awareness and training program.
• Monitor and escalate unresolved security exposures, misuse, policy violations, and other non-compliance issues to Security Leadership.
• Track changes in the regulatory environment and assess their impact on security programs and compliance standards.
• Collaborate with technology teams and other stakeholders to identify potential security weaknesses, evaluate potential impacts, and develop effective mitigation strategies.
• Develop and maintain security risk metrics to promote organizational transparency.
• Measure, monitor, and report on information security risks to senior management.
• Participate in security incident investigations and prepare detailed incident report documents.
• Maintain current knowledge of industry best practices in threat analytics and incident response.
• Develop and maintain internal documentation, including policies, procedures, and project schedules.
• Provide technical guidance and oversight to less experienced staff.

Skills on Resume: 

• GRC Program Management (Hard Skills)
• Security Standards (Hard Skills)
• Security Awareness (Soft Skills)
• Issue Escalation (Hard Skills)
• Regulatory Tracking (Hard Skills)
• Mitigation Strategies (Hard Skills)
• Risk Metrics (Hard Skills)
• Incident Response (Hard Skills)

Job Summary: 

• Provide subject matter expertise for one or more security GRC programs.
• Support information security policy compliance processes.
• Develop and maintain repeatable, documented processes to identify and collect risk conditions, facilitate remediation, and monitor remediation.
• Analyze and report on security findings to assist in driving risk items into remediation and closure.
• Identify pervasive risks across the organization, aggregate them, and drive remediation planning efforts.
• Assist in enhancing risk metrics and reporting high-impact items for management visibility.
• Partner with technical and business partners to develop remediation plans and budgets.
• Report and escalate information security risks through appropriate committees and channels.
• Provide recommendations to leadership on program effectiveness and enhancements.

Skills on Resume: 

• GRC Expertise (Hard Skills)
• Policy Compliance (Hard Skills)
• Process Development (Hard Skills)
• Security Reporting (Hard Skills)
• Risk Aggregation (Hard Skills)
• Risk Metrics (Hard Skills)
• Remediation Planning (Hard Skills)
• Leadership Recommendations (Soft Skills)

Job Summary: 

• Serve as a liaison between personnel and IT/IS staff to collect and analyze information security requirements, needs, and components of new systems or changes to existing systems.
• Maintain workflow and process diagrams for all critical functions.
• Manage the Business Continuity Plan, including coordination of semi-annual and annual updates as well as testing.
• Manage and maintain Disaster Recovery documentation and coordinate periodic testing.
• Work with the ISO to maintain and coordinate testing of Incident Response Plans.
• Oversee the Third Party Management Program.
• Collaborate with the ISO to ensure all security and PCI compliance requirements are met, including conducting risk assessments.
• Review information security reporting on a daily, weekly, monthly, or other required basis.
• Prepare monthly management reports.
• Manage the program change control process to ensure proper procedures are followed for all system changes.

Skills on Resume: 

• Security Liaison (Soft Skills)
• Process Documentation (Hard Skills)
• Business Continuity (Hard Skills)
• Disaster Recovery (Hard Skills)
• Incident Response (Hard Skills)
• Third-Party Management (Hard Skills)
• Risk Assessment (Hard Skills)
• Change Control (Hard Skills)

Job Summary: 

• Enhance LendingTree's Third-Party Risk Management Program under the direction of senior InfoSec team members.
• Ensure risk is managed throughout the third-party life cycle, including planning, due diligence, contract, transitions, ongoing monitoring, and exit.
• Perform third-party risk assessments and analyze the risk level of third-party engagements for both new and existing vendors as part of ongoing review and update cycles.
• Monitor, analyze, and maintain third-party information and documentation.
• Perform periodic IT Risk Assessments while partnering with multiple departments in line with regulatory requirements to assess risk across all business units.
• Author risk narratives to communicate key risks for an engagement or vendor and support why a certain risk level has been assigned.
• Apply a strong understanding of risk topics and a 'risk mindset' to actively challenge inputs.
• Assist with maintaining the Governance, Risk, and Compliance (GRC) program.
• Assist with IT Risk reporting to key stakeholders at LendingTree.
• Identify specific IT Risk observations and work with affected parties to classify and address risk issues.

Skills on Resume: 

• Third-Party Risk (Hard Skills)
• Risk Lifecycle (Hard Skills)
• Risk Assessments (Hard Skills)
• Risk Monitoring (Hard Skills)
• IT Risk Assessment (Hard Skills)
• Risk Narratives (Hard Skills)
• GRC Support (Hard Skills)
• Risk Reporting (Hard Skills)

Job Summary: 

• Monitor information security news for emerging threats, technologies, and regulations that may impact processes, systems, and applications.
• Champion the ISO 27001 ISMS program by documenting policies and procedures, and conducting audits, risk assessments, and management reviews.
• Manage IT SOX compliance activities.
• Oversee implementation of SANS 20 Critical Security Controls.
• Coordinate and execute IT security projects.
• Stay current by pursuing educational opportunities, reading professional publications, maintaining networks, and engaging with professional organizations.
• Protect organizational value by maintaining the confidentiality of information.
• Support organizational goals by taking ownership of new initiatives and identifying opportunities to add value.
• Document duties, activities, issues resolved, and problems addressed.
• Assist in developing benchmarks and setting specific goals for the evolution of system, process, and application security.
• Develop and deliver security awareness and policy training.
• Actively expand skills through research, training, and collaboration with peers.
• Attend meetings and participate in committees.

Skills on Resume: 

• Threat Monitoring (Hard Skills)
• ISMS Management (Hard Skills)
• SOX Compliance (Hard Skills)
• Security Controls (Hard Skills)
• Project Coordination (Hard Skills)
• Confidentiality (Soft Skills)
• Security Training (Hard Skills)
• Continuous Learning (Soft Skills)

Job Summary: 

• Foster a culture of collaboration and responsible risk management through the definition and adherence to appropriate risk appetites, control frameworks, policies, and directives.
• Serve as an Information Security subject matter expert for business line projects and support the development, implementation, and maintenance of information security.
• Assist with enterprise information security risk deliverables and collaborate with risk partners on security priorities.
• Perform information security risk assessments.
• Decompose complex risk issues and gain business line consensus on risk levels and responses, including acceptance and mitigation, while establishing and communicating residual risk levels.
• Identify and evaluate complex technology risks, internal controls that mitigate risks, and opportunities for control improvements.
• Conduct pre- and post-contract risk assessments, along with ongoing service and compliance monitoring, to ensure adherence to industry regulations, standards, and organizational policies.
• Maintain information security by monitoring and ensuring compliance with applicable policies, directives, and standards.
• Contribute to the development and delivery of training programs.
• Analyze data to produce specific, measurable, actionable, relevant, and time-bound metrics for senior and executive management.
• Monitor internal and external information security trends and keep business lines informed about related issues.

Skills on Resume: 

• Risk Culture (Soft Skills)
• Security Expertise (Hard Skills)
• Risk Collaboration (Soft Skills)
• Risk Assessment (Hard Skills)
• Risk Analysis (Hard Skills)
• Control Evaluation (Hard Skills)
• Compliance Monitoring (Hard Skills)
• Security Training (Hard Skills)

Job Summary: 

• Build and maintain strong working relationships and effective communication with Information Security associates, Enterprise and Network Teams, and Internal Audit on Risk Management and Operational Risk Management matters.
• Maintain professional networking with other senior corporate professionals.
• Implement the FAIR risk methodology.
• Monitor the Information Security Team’s use of forensic analysis tools and assist with investigations.
• Support Risk Programs, including Audit Finding Resolution, maintaining the Risk Register, monitoring the Risk Exception catalog, and scheduling policy/procedure reviews.
• Provide guidance and support in the development, implementation, and communication of risk-related policies and standards.
• Assist in identifying practical and cost-effective solutions to security and risk issues.
• Support adherence to Federal and State regulatory requirements as well as recognized best practices.
• Assist in conducting risk reviews of the IT control framework.
• Contribute to end-to-end risk remediation planning, resolution, and monitoring activities.
• Collaborate with internal and external auditors.
• Assist in evaluating alternative approaches to reduce exposure to data loss and security breaches.

Skills on Resume: 

• Relationship Building (Soft Skills)
• Professional Networking (Soft Skills)
• FAIR Methodology (Hard Skills)
• Forensic Support (Hard Skills)
• Risk Programs (Hard Skills)
• Policy Development (Hard Skills)
• Regulatory Compliance (Hard Skills)
• Risk Remediation (Hard Skills)

Job Summary: 

• Lead information security risk assessments utilizing the organization’s risk scoring methodology.
• Create periodic executive management reports that illustrate the current information security risk landscape.
• Enhance the Governance, Risk, and Compliance (GRC) platform to align with operational risk management tasks.
• Develop information security risk management dashboards with clear, consumable metrics.
• Use the GRC platform to manage both ongoing and one-time risk assessments.
• Lead the information security review of potential vendors to identify control weaknesses that may pose risks to the organization and its members.
• Conduct and document annual vendor information security risk assessments for approved vendors.
• Document observations from risk assessments in accordance with established policies and practices.
• Collaborate with IT and business partners to recommend defenses, countermeasures, remediation, and process improvements to strengthen security and risk posture.
• Provide consultative support as a security subject matter expert on projects and initiatives.
• Define and evaluate functional requirements and specifications of security systems for both internal and external environments.
• Monitor, measure, test, and report on the effectiveness and efficiency of information security controls and compliance with policies and procedures.
• Keep management informed of unresolved issues in line with established escalation procedures.
• Serve as the primary point of contact for internal and external auditors during examinations, providing support in addressing audit recommendations.

Skills on Resume: 

• Risk Assessment (Hard Skills)
• Executive Reporting (Hard Skills)
• GRC Enhancement (Hard Skills)
• Risk Dashboards (Hard Skills)
• Vendor Review (Hard Skills)
• Remediation Support (Hard Skills)
• Security Consultation (Soft Skills)
• Audit Coordination (Hard Skills)

Job Summary: 

• Prepare Business Impact Assessments (BIA) by gathering information for evaluation and maintain an accurate Critical Asset (CA) inventory within assigned regions.
• Coordinate risk assessment activities with relevant stakeholders to support management actions, resolution prioritization, escalations, and risk acceptance processes.
• Track the implementation of risk treatment plans to reduce or eliminate identified risks.
• Prepare the required information from Risk Acceptance requests for assessment.
• Support security awareness training initiatives and provide user guidance to ensure consistent and effective implementation of Global Information Security Standards (GISS), security requirements, and policies.
• Measure compliance with Global Information Security Standards (GISP/GISS).
• Support the regional development and deployment of information security processes and requirements.
• Provide support, guidance, and consultation to business teams and groups, including HR, Legal, Marketing, Finance, Logistics, IS, IT, Privacy, and others on all information security matters.
• Maintain a strong understanding of applicable state and federal laws and regulations.
• Review and negotiate information security contractual terms in vendor and customer contracts.

Skills on Resume: 

• Business Impact (Hard Skills)
• Risk Coordination (Hard Skills)
• Risk Treatment (Hard Skills)
• Risk Acceptance (Hard Skills)
• Security Awareness (Soft Skills)
• Compliance Measurement (Hard Skills)
• Security Consultation (Soft Skills)
• Contract Review (Hard Skills)

Job Summary: 

• Conduct reviews and security risk assessments of new and existing systems, applications, databases, and devices to identify weaknesses or exposures, assess impact, and recommend mitigation solutions.
• Evaluate products and procedures to ensure compliance with regulatory requirements, and assist with annual compliance activities, including PCI, SOX, GLBA, and privacy.
• Perform third-party due diligence and ongoing vendor assessments to evaluate risks and control effectiveness.
• Investigate and report on information security violations, third-party data breaches, and supply chain vulnerabilities.
• Assist with issue and exception management processes, and review vendor contracts to ensure data protection, confidentiality, and privacy clauses safeguard organizational information.
• Review security and privacy laws and regulations, recommending and assisting with policy and procedure updates to maintain compliance and align with best practices.
• Support the implementation of policies and procedures to control risk management of company assets, and maintain the Information Security Manual.
• Review and analyze existing information security measures, and recommend enhancements.
• Assist in ensuring measures are implemented, administered, monitored, and updated as business conditions evolve.
• Remain aware of risk within the functional area, follow all policies, procedures, laws, regulations, and risk limits relevant to the role, and promptly report known or suspected violations to appropriate authorities.

Skills on Resume: 

• Risk Assessment (Hard Skills)
• Regulatory Compliance (Hard Skills)
• Vendor Assessment (Hard Skills)
• Incident Investigation (Hard Skills)
• Issue Management (Hard Skills)
• Policy Updates (Hard Skills)
• Security Enhancements (Hard Skills)
• Risk Monitoring (Hard Skills)

Job Summary: 

• Work with business partners to assist in the interpretation of security policies, standards, and associated guidelines.
• Support end users in navigating the Policy Exception process.
• Process policy exceptions by assessing risk, identifying and documenting mitigating controls, required remediation, and risk ranking.
• Collaborate with infrastructure teams to identify and assess technical risks and related remediation requirements.
• Engage BISOs/TISAs for risk escalations, reviews, and documented approvals.
• Define and provide consultation on remediation solutions.
• Communicate, escalate, and track remediation progress of third-party assessment findings.
• Understand inherent information security risks within a business and articulate them in clear business terms.
• Maintain up-to-date knowledge of information security topics and their applicability to program requirements.
• Engage the DPO on any escalations, delays, or deviations during assessment or remediation activities.
• Stay up to date on emerging security, risk, and resilience issues and trends.

Skills on Resume: 

• Policy Interpretation (Hard Skills)
• Exception Management (Hard Skills)
• Risk Assessment (Hard Skills)
• Technical Risk (Hard Skills)
• Risk Escalation (Soft Skills)
• Remediation Solutions (Hard Skills)
• Third-Party Findings (Hard Skills)
• Security Knowledge (Hard Skills)

Job Summary: 

• Support Information Security Risk Managers and collaborate with business stakeholders to implement effective information security risk management processes, enabling informed security risk decisions.
• Gather information to produce reliable, data-driven risk analysis and quantification so risks can be communicated in clear business terms, allowing actions and resources to be effectively prioritized.
• Play a key support role in identifying, assessing, and reviewing security risks related to products, services, and supply chain to ensure secure deployment and maintain operational resilience.
• Maintain up-to-date and reliable risk information within risk management systems to ensure actions remain on track.
• Coordinate the collection of metrics and the creation of engaging, impactful risk reports.
• Promote the identification of risks within the scope of Global Security and ensure follow-up and development of preventive or corrective actions.
• Contribute to building and supporting an advanced security and risk culture.
• Ensure consistent follow-up of identified risks and the actions defined.
• Support the cybersecurity control framework by adopting internal controls aligned with industry best practices.
• Investigate and analyze cybersecurity alerts and incidents.
• Prepare assessment reports reflecting identified risks and compliance issues.
• Maintain departmental procedures and records.

Skills on Resume: 

• Risk Management (Hard Skills)
• Risk Analysis (Hard Skills)
• Supply Chain Risk (Hard Skills)
• Risk Systems (Hard Skills)
• Risk Reporting (Hard Skills)
• Risk Culture (Soft Skills)
• Control Framework (Hard Skills)
• Incident Analysis (Hard Skills)

Job Summary: 

• Provide oversight and governance of the organization’s Information Security and Cybersecurity Program, communicating progress and issues to senior management.
• Initiate and develop innovative concepts to address complex challenges, create opportunities for new solutions, and act as a consultant by sharing specialist information security knowledge and conceptual guidance with senior and technical experts.
• Develop and implement an effective Threat and Vulnerability Management program.
• Research and investigate new and emerging vulnerabilities, including Zero-Day events, and engage in external security communities.
• Develop an externally focused perspective on evolving threats facing the organization.
• Promote awareness of applicable regulatory standards, upstream risks, and industry best practices across the organization.
• Act as the primary contact for internal and external audits and regulatory examinations.
• Serve as project manager and lead for IT security initiatives.
• Examine systems and procedures to identify potential adverse events, including hardware and software failures, physical disasters, malicious intrusions, malware, denial-of-service attacks, and employee misconduct.
• Identify and assess potential risks to proactively strengthen security posture.

Skills on Resume: 

• Program Governance (Hard Skills)
• Security Consultation (Soft Skills)
• Threat Management (Hard Skills)
• Vulnerability Research (Hard Skills)
• Threat Awareness (Soft Skills)
• Regulatory Knowledge (Hard Skills)
• Audit Coordination (Hard Skills)
• Security Leadership (Soft Skills)

Job Summary: 

• Identify key points of contact and establish effective communication channels.
• Collaborate with functional teams on cyber risks and information security initiatives.
• Initiate security assessment and audit overview meetings, including Q&A sessions.
• Perform security risk assessments and deliver information security awareness activities.
• Conduct internal security investigations, confidential information reviews, and usage audits.
• Lead and support enterprise-wide information security and cyber risk assessments with both technical and non-technical teams.
• Manage assessment and audit timelines, including questionnaires, interviews, evidence verification, and report preparation.
• Proactively identify vulnerabilities and develop recommendations to address information security and cyber risk issues in collaboration with privacy, compliance, internal audit, legal, HR, and IT teams.
• Contribute to the development of information security requirements for vendor and customer security control obligations to ensure protection of organizational assets in line with policies, standards, and compliance obligations.
• Ensure all information security controls meet standards for confidentiality, integrity, availability, and defense-in-depth principles.
• Provide remediation responses for deficient or non-compliant information security controls.
• Respond to customer inquiries and audits of the security program.

Skills on Resume: 

• Communication Channels (Soft Skills)
• Team Collaboration (Soft Skills)
• Audit Coordination (Hard Skills)
• Risk Assessment (Hard Skills)
• Security Investigations (Hard Skills)
• Assessment Management (Hard Skills)
• Vulnerability Management (Hard Skills)
• Customer Support (Soft Skills)

Job Summary: 

• Ensure adherence to industry standards and best practices for all information security responsibilities, including datacenters, networks, telephony, systems, databases, applications, and physical security systems.
• Provide technical expertise and guidance on security issues to senior management.
• Communicate timely and effectively with the organization on relevant security matters.
• Provide leadership in developing security policies and procedures across planning, implementation, training, and monitoring/enforcement.
• Ensure managed controls are in place to meet legal and regulatory compliance requirements for networks and systems.
• Validate and test security architecture and design solutions, producing detailed engineering specifications with recommended vendor technologies.
• Build and maintain relationships with internal teams and third parties to support security development and issue resolution.
• Participate in vendor selection and management processes to ensure the security of corporate and customer data.
• Define corporate security requirements and evaluate systems for compliance with established security standards.
• Perform internal risk assessments in cooperation with IT staff and business units.
• Manage external risk assessments and third-party audit processes in collaboration with IT and Compliance departments.
• Validate results of internal and external risk assessments and provide prioritized remediation plans, tracking, and coordinating validation of remediation activities.
• Oversee awareness programs, privilege management systems, brand protection technologies, and enterprise managed security service providers.
• Serve as a member of the Security Incident Response Team, providing technical consultancy to ensure rapid problem resolution.

Skills on Resume: 

• Security Standards (Hard Skills)
• Technical Guidance (Hard Skills)
• Security Communication (Soft Skills)
• Policy Leadership (Soft Skills)
• Regulatory Compliance (Hard Skills)
• Security Architecture (Hard Skills)
• Vendor Management (Hard Skills)
• Incident Response (Hard Skills)

Job Summary: 

• Understand the opportunities and challenges facing business, mission, IT, and operational groups, and balance institutional risk with business and mission objectives.
• Design and implement mechanisms to monitor adherence to strategies and policies, taking corrective action.
• Serve as a subject matter expert for end-to-end management of findings from information security assessments of vendors, applications, and biomedical devices.
• Adhere to NIST Cyber Security Framework, HIPAA, and Joint Commission requirements, leveraging audits and purple team, penetration, and vulnerability assessment findings.
• Assist in implementing the GRC tool.
• Act as a subject matter expert for cybersecurity audits performed by external clients.
• Maintain a formal risk register that drives security governance and ensures funding is aligned with business objectives.
• Develop Key Risk Indicators to highlight top cyber risks for executive management and the board, and Key Performance Indicators to demonstrate program success and alignment with NIST and industry best practices.
• Work collaboratively with Managers, Directors, CMIO, CIO, Service Line Leads, Steering Committees, and other stakeholders to manage cybersecurity risks.
• Assist in developing a next-generation security education and awareness program that delivers role-based training, incorporates gamification, and builds a measurable risk-aware culture.
• Create and deliver information security concepts in engaging formats such as newsletters, social media, blogs, videos, orientation sessions, town halls, and in-person training.
• Collaborate with the Project Management Office (PMO) and IT teams to define security requirements, track issues, provide solutions, communicate vulnerabilities, and identify policy exceptions.
• Ensure PMO policies, procedures, forms, and workflows incorporate security elements so projects include proper risk management and mitigation practices.

Skills on Resume: 

• Risk Balancing (Soft Skills)
• Policy Monitoring (Hard Skills)
• Assessment Management (Hard Skills)
• Regulatory Adherence (Hard Skills)
• GRC Implementation (Hard Skills)
• Audit Expertise (Hard Skills)
• Risk Register (Hard Skills)
• Security Awareness (Soft Skills)