Information Security Risk Management Director

August 28

🏢 In-office - Bay Area


BILL

As a champion of SMBs, we are dedicated to automating the future of finance so businesses can thrive.

business bill pay • online invoicing • ePayment • QuickBooks bill payment • ACH payments

1001 - 5000

Description

• Lead the comprehensive cyber risk management program including strategy, framework, process, execution, and continuous maturity
• Conduct security risk assessments to identify potential risks from threats and vulnerabilities within the organization's infrastructure and applications.
• Perform control effectiveness assessment by collaborating with cross-functional teams to understand technical implementations and assess control strength
• Communicate identified security risks and their potential impact to stakeholders, including technical and non-technical audiences.
• Develop and implement strategies for security risk remediation, ensuring alignment with technical, compliance and business requirements.
• Provide expert guidance on security controls and best practices to cross-functional teams and guide risk mitigation
• Maintain up-to-date knowledge of industry standards, regulatory requirements, and emerging threats to inform risk assessment and remediation processes.
• Lead the enhancement of the security risk management program, including policies, procedures, and frameworks.
• Track and report on the status of risk remediation efforts, ensuring timely resolution and compliance with organizational policies.
• Develop and present detailed reports on risk assessments, including identified threats, vulnerabilities, and the effectiveness of implemented mitigation measures. Ensure these reports are understandable to technical and non-technical stakeholders, including senior management
• Demonstrate a process-oriented, results-driven approach to security risk engineering, employing effective problem-solving and communication skills to serve as a subject matter expert and trusted advisor.

Requirements

• Bachelor’s degree in Computer Science, Information Security, or a related field.
• 10+ years of experience in security risk assessment, with a focus on qualitative analysis, or equivalent and relevant security experience.
• Strong technical knowledge of security controls, including but not limited to access controls, encryption, network security, and vulnerability management.
• Demonstrated experience working within a GRC framework, with an understanding of regulatory and compliance requirements (e.g., PCI DSS, SOC).
• Excellent communication skills at all levels, with the ability to articulate complex technical concepts to diverse audiences, including C-Suite
• Proven ability to work collaboratively with engineering teams to assess and mitigate security risks.
• Experience with security risk remediation programs, including technical implementation and compliance considerations.
• Strong analytical and problem-solving skills, with attention to detail and accuracy.

Benefits

• 100% paid employee health, dental, and vision plans (choose HMO, PPO, or HDHP)
• HSA & FSA accounts
• Life Insurance, Long & Short-term disability coverage
• Employee Assistance Program (EAP)
• 11+ Observed holidays and wellness days and flexible time off
• Employee Stock Purchase Program with employee discounts
• Wellness & Fitness initiatives
• Employee recognition and referral programs
• And much more
