Enterprise Risk Program Manager

What you’ll do

• Drive the Enterprise Risk Engineering Management (ERM) program by fostering a risk informed culture and regularly assessing exposures, identifying gaps, and supporting issues management resolution
• Support the maturity of the ERM Program through assisting with the development of foundational and governance elements including standards, systems, tools, policies, workflows, and communications
• Execute periodic control and engineering risk assessments against the multiple compliance frameworks we currently align to and may align to in the future (SOX, SOC 2, ISO 27001:2022, FedRAMP, etc.)
• Assist in maintaining the documentation, prioritization, and tracking of items such as the company risk register and exceptions process
• Perform analysis on regulatory changes, or organization changes, that may impact our Information Security requirements
• Perform periodic Business Impact Analysis (BIA) assessments to support Business Continuity and Disaster Recovery programs
• Work closely with internal stakeholders (Corporate IT, Legal, HR, Audit, and Product Team Members) on governance/compliance initiatives and enhancements to the monitoring of security controls
• Provide ad-hoc risk consultation to executives, leaders and internal stakeholders to help manage risks in pursuit of business and strategic objectives
• Act as a program manager, by developing and tracking risk register items and audit corrective action plans through remediation
• Develop automated, repeatable and sustainable risk program registration, tracking and reporting program capabilities
• Maintain the appropriate KPIs and KRIs related to an Enterprise Risk program
• Review risk reporting, including but not limited to the status of key risks and related trends, the effectiveness of controls and responses/mitigation, key risk indicators, and exceptions, etc
• Maintain and monitor ERM program policies and procedures
• Maintain and mature GRC tool used to track risks, exceptions and remediation plans

Investing in our people is one of our top priorities, and we value candidates who can bring their diversified experiences to our teams. Here are some qualities we’ve found compatible with our team. We'd love to talk about whether this aligns with your experience and Interests and what you’re excited to work on next.

Minimum Qualifications

• Bachelor's in Information Security, Computer Science, or related degree; Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP) Certification or equivalent
• Minimum of 5+ years work experience in IT/Security Compliance/Audit function (or equivalent)
• Proven experience in compliance, risk management and/or IT security program management
• In-depth knowledge of the industry's standards and regulations as well as common control sets (e.g. SOX, SOC 2, ISO 27001:2022, ISO 27701, NIST 800-53, NIST CSF, FedRAMP, GDPR and HIPAA)
• In-depth understanding of concepts related to information security domains such as Cloud Computing, Physical Security, Third Party Risk Management (TPRM), Identity and Access Management, Data Security, Vulnerability and Patch Management, Malware Defenses, CIS Top 18 Controls
• Strong relationship-building and interpersonal skills, needed to help influence decision makers and technology owners
• Integrating new technologies into existing technology portfolios
• Collaborating with cross-functional teams, including engineering, network and infrastructure
• Excellent knowledge of reporting procedures and record-keeping
• Ability to succeed in a team environment or work as an individual contributor

Preferred Qualifications

• Strong understanding of GRC programs for cloud providers
• Self-starter and requires minimal direction from leadership
• Methodical and diligent with outstanding planning abilities
• Able to meet deadlines and handle multiple priorities
• Strong ability to negotiate with business partners to attain successful outcomes
• Excellent communication skills
• Strong project management skills with the ability to manage several large projects at the same time, keeping them on scope, on budget and on time
• Ability to present and effectively communicate with all levels of the organization
• Flexible with the ability to multitask, effectively prioritize and work under pressure
• Advocate of continuous improvement and industry recognized best practice

Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $130,000-$155,000. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience.