Risk Management Analyst (5019)
Portland Metro Area, Oregon | Consulting
You will work under the management of the Information Risk Management (IRM) leadership team in setting objectives, partnering across functions and aggressively executing strategy. You will regularly interact with other risk management and compliance functions, such as Corporate IT Audit, Legal and the company's External Auditors in ensuring an effective internal control environment. You will have significant latitude in driving a communication and marketing plan that increases the value and visibility of information risk management and security strategy.
This contract opportunity is scheduled to last 1 year.
- Assist leadership in building and executing the process and tracking information risk decisions across multiple internal functions
- Partner with Global Process Leaders (GPLs), Global Technology Leaders (GTLs), Product Engines and internal Governance teams such as Legal, Corporate Audit and Tech in designing processes and controls that effectively mitigate information security risk
- Be responsible for bringing leadership and strategic insight to the tracking, recording and management of the most significant information risks in a collaborative manner and working cross functionally with your partners to suggest solutions and approaches to improve the management of that risk effectively
- Identify, document and elevate visibility to information risk, where business direction creates potential for exposure to employee, athlete and product sensitive data streams
- Develop, drive and lead a strategy around the management of information risk utilizing mechanisms to track the identification, remediation or acceptance of risk decisions
- Evaluate vendor processes at the point of engagement and ensure sufficient validation that data sharing arrangements and agreements protect the client's sensitive information
- Perform formal risk assessments on partner and vendor connections and ensure the business objectives align with the type and volume of data used in maintaining a "need to know/use" mindset
- Create a subscription to the information risk assessment process through proactive partnerships and collaboration with internal business partners
- Become an advocate of information security procedures, policies, processes and standards as a mechanism to enable the business effectively while managing risk appropriately
- Provide enforcement of security policies, standards and procedures by working cross functionally with Compliance and Governance functions within the Corporate Information Security organization
- Propose and implement methods to ensure information security awareness
- Support the risk analysis intake process and communicate to stakeholders
- Stay current on information security technologies, trends, standards and best practices
- Knowledge of information security principles and practices, general procedures and guidelines
- A general understanding of technology use, trends and risks as they apply in a business context and environment
- Excellent communication skills (written and verbal) as well as comfort and experience in presentation delivery
- Proven persuasion skills
- Proven experience identifying solutions for complex problems in enterprise environments
- Proven analytical and problem-solving ability
- The ability to appropriately communicate complex security risks to non-technical staff
- Must be trustworthy in keeping sensitive data confidential
- Bachelor's degree in Business Information Management or Computer Science desired
- Minimum 5-8 years' experience in information security including information security or IT control design processes or a combination of 5 years in these disciplines with some experience in marketing and corporate communication
- CISSP, CISA or CISM certifications are beneficial
- Awareness of information and data security best practices, benchmarking and key performance indicators (KPIs)
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or Certified Expert in the Governance of Information Technology (CEGIT)
- SANS / GIAC Certifications
Applicants must be fully authorized to work in the U.S. and physically be in the U.S.
CORP-to-CORP requests will NOT be entertained.
Relocation assistance will not be available for this position.
Evo is an equal opportunity employer and considers qualified applicants for employment without regard to race, gender, age, color, religion, disability, veteran status, sexual orientation, gender identity, or any other protected factor.