IT Risk Assessment Principal

Urgent


Job Description

This individual contributor position is accountable for multiple large-scale ITRM service delivery and engagements, including managing resources and financials. These engagements include compliance assessments and consulting projects that span multiple businesses, as well as driving and overseeing the design and implementation of appropriate controls. This role is also responsible for the direction of performance metrics and reporting tools, including the identification of new methods for compiling and correlating data. This position is expected to work collaboratively with leadership to develop the overall ITRM strategy and define goals, objectives, deliverables, and guardrails within the governance framework to ensure the development and implementation of efficient, effective, measurable, and sustainable ITRM processes and controls.

Essential Responsibilities

  • Drives the execution of multiple work streams by identifying customer and operational needs; developing and updating new procedures and policies; gaining cross-functional support for objectives and priorities; translating business strategy into actionable business requirements; obtaining and distributing resources; setting standards and measuring progress; removing obstacles that impact performance; guiding performance and developing contingency plans accordingly; solving highly complex issues; and influencing the completion of project tasks by others.
  • Practices self-leadership and promotes learning in others by soliciting and acting on performance feedback; building collaborative, cross-functional relationships; communicating information and providing advice to drive projects forward; adapting to competing demands and new responsibilities; providing feedback to others, including upward feedback to leadership; influencing, mentoring, and coaching team members; fostering open dialogue amongst team members; evaluating and responding to the strengths and weaknesses of self and unit members; and adapting to and learning from change, difficulties, and feedback.
  • Drives ITRM processes and/or methodology for designated ITRM initiatives by leading or directing team members in the documentation of process and/or service requirements and acceptance criteria from process owners and key stakeholders; working collaboratively with leadership to develop the ITRM strategy; defining goals, objectives, deliverables, and guardrails within the governance framework to ensure the development and implementation of efficient, effective, measurable, and sustainable ITRM processes and controls; and driving the direction of performance metrics and reporting tools, suggesting process improvements for gathering metrics and identifying new methods for compiling and correlating data sets within the organization.
  • Executes and plans large complex ITRM compliance assessments and consulting projects spanning multiple business units and operational areas by leading intake, planning and coordination activities for new or revisions to technology systems or services; and driving and overseeing the design and implementation of appropriate controls through the sustainment phase.
  • Leads multiple large-scale ITRM service delivery and engagements with full responsibility and accountability for outcomes by overseeing multiple workstreams, including stakeholder communications and team mentorship; managing and monitoring financials; allocating resources; establishing schedules; and making task assignments.

Minimum Qualifications

  • Minimum five (5) years in an informal lead role working with business or technical teams.
  • Bachelor's Degree in MIS, Information Security, Accounting, Finance, Audit, or related field and minimum ten (10) years' experience in IT risk management, compliance, auditing, or information security, including minimum two (2) years developing IT compliance frameworks or ITRM methodologies. Additional equivalent work experience in a directly related field may be substituted for the degree requirement.

Additional Requirements

  • Responsible for leading enterprise-level assessments on strategic initiatives with an emphasis on HIPAA and some PCI. Examples of strategic initiative assessments include KP's move to Azure and KP's Databricks Data Analytics platform. Principals are expected to lead strategic initiative assessments in addition to performing multiple smaller-scale assessments at one time. Because Principals perform multiple assessments simultaneously, a typical day consists of performing multiple phases (scoping, fieldwork, reporting, management response) of different assessments. Principals are also expected to serve as the Controls Integration Services Team's representative on control methodology efforts and GRC tooling efforts, and as the representative for Controls Integration Services in TRM and TRO process discussions. Principals are also expected to serve in a controls design/architect capacity if that service is needed by the system owner.

The Ideal candidate experience and qualifications include:

  • Experience leading assessments on enterprise level strategic initiatives.
  • Experience in controls methodology.
  • Experience in GRC tooling initiatives.
  • Experience in controls design/architecture work as well as controls assessments.
  • Experience with risk / control frameworks / standards: NIST SP 800-53, NIST CSF, HITRUST, etc.
  • Ability to lead and facilitate end-to-end risk assessments (Scoping, Planning, Kickoff, Fieldwork, Reporting, Management Response).
  • Experience assessing cloud technologies.
  • Experience in PCI assessing and consulting.
  • Technical writing that effectively communicates security and compliance concepts and issues in a manner that is understood by non-technical audiences.

Licenses and Certifications

One or more of the following certifications are required:

  • CISM
  • CISA
  • CRISC
  • CISSP
  • CCSP

Preferred Qualifications

  • Four (4) years of work experience in a role requiring interaction with executive leadership (e.g., Vice President level and above)
  • Five (5) years' experience writing ITRM documentation and assessment reports.
  • Four (4) years' experience working in a large matrixed organization.
  • Four (4) years' experience in the development and delivery of ITRM metrics and reporting.
  • Two (2) years managing audit and/or compliance projects.
  • Five (5) years' experience working with IT general controls (e.g., IT change management, access controls, security controls, etc.).
  • Five (5) years' experience working with database and security technologies.
  • Master’s Degree in MIS, Information Security, Accounting, Finance, Audit, or related field.
  • CISSP or comparable certification.
  • CISM or comparable certification.
  • CISA or comparable certification.
  • QSA or ISA certification.
  • PMP certification.
  • ITIL certification.
  • DBMS certification.

Benefits

  • Transportation.
  • Life insurance.
  • Medical insurance.
  • Solidarity association.
  • Growth plans.
  • Additional days off.
