Full-Time Information Security Risk Manager

Targeted Salary Range: $116,400 - $157,100 (dependent on qualifications and experience).

Benefits: Medical, dental, vision coverage, health savings and flexible spending accounts, life and disability insurance, paid time off, holidays, 401(k) match, employee discounts, and well-being benefits.

Job Summary: Experienced Information Security Risk Manager to manage Governance, Risk, and Compliance (GRC) activities within the Information Security Program, reporting to the Director of Information Security. Focuses on developing, maintaining, and managing Information Security GRC processes.

Essential Duties & Responsibilities:

• Manage the information security risk management process (identifying, assessing, mitigating, and monitoring risks).
• Oversee PCI-DSS compliance program and ensure compliance of payment channels.
• Build relationships with business partners to address security risks.
• Lead third-party/vendor risk management programs.
• Collaborate with cross-functional teams for DevSecOps compliance.
• Develop and deliver user security awareness training.
• Support vulnerability management.
• Establish and maintain security policies and standards.
• Monitor and report on Information Security Program effectiveness, driving continuous improvement.
• Stay informed of industry best practices, regulatory requirements, and emerging threats.

Qualifications:

• Bachelor's degree in Information Security, Computer Science, or related field.
• Minimum 7 years of experience in information security, focusing on risk management, GRC, and/or vulnerability management.
• Preferred certifications: CISSP, CISM, CRISC, or CISA.
• Experience managing risk management processes, GRC functions, and/or vulnerability management.
• Strong knowledge of PCI-DSS compliance.
• Strong knowledge of information security principles, best practices, and industry standards (e.g., CIS Critical Security Controls, ISO 27001, NIST, GDPR).
• Experience performing technical risk analysis using quantitative risk methodologies.
• Experience with third-party/vendor risk management.
• Experience developing and delivering security awareness training.
• Excellent communication skills.
• Strong documentation, planning, negotiation, and organizational skills.

What is the last date for applying to the job?

Which countries are accepted for this remote job?