Operational Risk Consultant
Scripps Networks Interactive
Knoxville, TN
This was removed by the employer on 5/17/2017 4:23:00 PM PST
Full Time Job
Job Description:
The Operational Risk Consultant will be responsible for planning, organizing and executing enterprise-wide information security and risk management related initiatives and strategies in support of all business units and divisions within Scripps Networks Interactive. Based at headquarters in Knoxville, Tennessee, this person will identify and champion the confidentiality, integrity and availability requirements needed to meet the organization's risk appetite. They will advise management across the enterprise, construct and maintain information security policies and standards, consult on risk mitigation control objectives, and manage the operational risk assessment process. Working collaboratively across all business units, the role serves as an adviser to management, with superior influence and impact.
This role is responsible for working with business unit project teams, IT groups, Internal Audit and management to assess the risk to, and protect sensitive information for the various applications and technologies globally. They will participate in the development and implementation of a corporate security awareness program and ensure security compliance with applicable regulations. These responsibilities extend to reviews of central and distributed computer systems, including Internet/Intranet, and defense-in-depth controls. They will provide leadership and direction, develop departmental plans, including business and/or organizational priorities.
WHAT WILL YOU BE DOING?
• Reporting to the Director, Operational Risk Management, you will act as a highly collaborative partner to all business units and key stakeholders, accountable to:
• Drive change transformation and strategy execution of a risk-based decision-making culture
• Drive information and infrastructure security awareness and governance deep into the organization, aligning with enterprise programs and objectives
• Significantly contribute to the architecture design to align controls to the risk appetite
• Bring cyber security skills and risk management knowledge to bear on key projects in support of the business unit goals, strategies and initiatives
• Develop and report metric scorecards to reflect the level of adoption and compliance to security policies and standards, remediation of vulnerabilities, and residual risks
• Work with enterprise remediation working groups to align all activities for addressing findings and exceptions
• Defines the information and infrastructure security needs of the business units utilizing a risk-based approach.
• Develops goals, strategies, plans, and success criteria needed to achieve the vision.
• Develops and maintains expertise performing operational risk & information security assessments and developing information security strategies and appropriate policies and standards
• Recommends security solutions to assist with the assessment and improvement of security infrastructure as well as demonstrate a strong understanding of the cyber security landscape, including emerging risks and security solutions
• Translates business needs and regulatory requirements into risk appropriate controls to successfully implement security policies, standards and guidelines
WHAT DO YOU NEED TO HAVE?
Education
• BS/BA degree or equivalent experience
• Obtained (or demonstrate an active pursuit of) one or more of the following certifications: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Controls (CRISC), Project Management Professional (PMP) or other related certifications
• Recent and relevant industry experience in information security, risk management, compliance management, and/or technology governance
• 3-5 years' experience in risk/information security program management.
Skills
• Deep understanding of security frameworks and control objectives (e.g., NIST Cybersecurity Framework, ISO 2700x)
• Strong understanding of Systems Development Life Cycle (SDLC) methodologies with the capacity to participate in consulting with project teams on how to incorporate security controls in compliance with policies and standards
• Ability to drive results:
• Creates value and opportunity by leveraging innovative approaches
• Achieve strategic goals through operational excellence
• Seize opportunities quickly while taking educated risks
• Personally invests in driving superior results
• Acts collaboratively and decisively with a "shared responsibility" mindset
• Simplifies complexity wherever possible
• Cuts through the noise and defines a clear path
• Organizationally savvy, successfully navigates complex and highly matrixed organizations
• Incorporates broad knowledge, but is not afraid to find new and innovative ways to solve complex security and risk challenges
• Anticipates new trends, emerging risks and organizational needs
• Applies expert knowledge in data protection, 3rd party management and risk mitigation techniques
• Ability to clearly articulate risks to senior management, balancing business benefits with cyber security risks
• Ability to successfully collaborate with multiple technical functions in the areas of security, infrastructure, technical operations, software engineering and customer support
• Consistent exercise of independent judgment and discretion in matters of significance
• Broad, in-depth technical knowledge of security principles and process is required
• Knowledge and experience in data systems architecture
• Ability to establish and maintain strong working relationships with groups involved with information security matters such as the Legal Department, Internal Audit, & HR
WHAT ARE THE BENEFITS?
• Full-time position (40 hours/week) with competitive compensation package and bonus
• Eligible for full insurance benefits (medical, vision, dental, prescription)
• Eligible for retirement benefits (401k matching, additional funds for age/service)
• Fantastic paid time off package of 19 days in 1st year (includes vacation, sick and personal days)
• 9-10 company paid holidays a year on top of that!
• Industry leading maternity/paternity leave program
• Identity theft protection and access to legal services