Kforce has a client that is seeking a Security Risk Management Program Lead in Rocklin, CA.
Duties/Day to Day Overview:
Security Risk Management Program Lead will improve and maintain the company's comprehensive cybersecurity risk management program
Ensure alignment of the program with industry standards and regulatory requirements (e.g., NIST Cybersecurity Framework, NIST 800-53, GDPR, etc.)
Conduct regular cybersecurity risk assessments on technology environments to identify potential threats and vulnerabilities
Employ threat modeling techniques to determine risk exposure
Develop risk mitigation strategies and oversee their implementation
Monitor and report on the effectiveness of risk mitigation measures and make necessary adjustments
Provide guidance on policies, procedures, and standards to manage cybersecurity risks and promote their sound implementation throughout the organization
Utilize the ServiceNow Integrated Risk Management (IRM) tool to track, manage, and report on risks
Serve as the primary point of contact for cybersecurity risk issues and queries
Build and maintain strong professional relationships and partnerships with key business teams
Collaborate with various departments to ensure cybersecurity risk management practices are integrated into all business processes
Liaise with external stakeholders, including auditors and regulatory bodies, to ensure compliance and address concerns
As a Security Risk Management Program Lead, you will develop cybersecurity risk management training materials for employees
Communicate risk management strategies and policies to all levels of the organization
Prepare and present regular reports on the status of the cybersecurity risk management program to senior management and the board of directors
REQUIREMENTS:
Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field, or equivalent experience
Minimum of 7-10 years of experience in cybersecurity, with at least 5 years in a risk management role
Proven experience in leading cybersecurity risk management programs
In-depth knowledge of risk assessment and risk analysis
Experience in the retail industry a plus
Experience in a leadership role within a medium to large organization
Understand information security holistically and how it relates to business goals
Excellent written, oral, and interpersonal communication skills with proven ability to champion causes with positive impact and change
Strong analytical skills
Extensive knowledge and experience with information security standards and methodologies, including NIST 800-53, NIST CSF, PCI DSS, ISO 9000 series, COBIT, Sarbanes-Oxley, HIPAA, and other relevant industry security standards
Nice to Haves:
CISSP, CISM, CRISC or similar certification (e.g., GIAC Certified ISO-17799 Specialist (G7799))
Privacy Certification (e.g., Certified Information Privacy Professional)
Experience interfacing with and communicating information on complex privacy and security compliance issues to senior management and business units and external parties
Experience with the ServiceNow Integrated Risk Management (IRM) tool
Experienced in reviewing contracts for security risks and negotiating security terms with third parties
Additional Notes:
Strong background in cybersecurity, risk management, and regulatory compliance
Experience in the retail industry
In-depth knowledge of cybersecurity frameworks such as NIST CSF and/or NIST 800-53
Proven track record of leadership, strategic planning, and project management
Strong analytical and problem-solving skills
Excellent communication and interpersonal skills
The pay range is the lowest to highest compensation we reasonably in good faith believe we would pay at posting for this role. We may ultimately pay more or less than this range. Employee pay is based on factors like relevant education, qualifications, certifications, experience, skills, seniority, location, performance, union contract and business needs. This range may be modified in the future.
We offer comprehensive benefits including medical/dental/vision insurance, HSA, FSA, 401(k), and life, disability & ADD insurance to eligible employees. Salaried personnel receive paid time off. Hourly employees are not eligible for paid time off unless required by law. Hourly employees on a Service Contract Act project are eligible for paid sick leave.
Note: Pay is not considered compensation until it is earned, vested and determinable. The amount and availability of any compensation remains in Kforce's sole discretion unless and until paid and may be modified in its discretion consistent with the law.
This job is not eligible for bonuses, incentives or commissions.
Kforce is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.
By clicking "Apply Today" you agree to receive calls, AI-generated calls, text messages or emails from Kforce and its affiliates, and service providers. Note that if you choose to communicate with Kforce via text messaging the frequency may vary, and message and data rates may apply. Carriers are not liable for delayed or undelivered messages. You will always have the right to cease communicating via text by using key words such as STOP.