Sr. IT Risk Management Advisor
Provide expertise and consulting to technology, the business and external partners by defining and assessing security and risk protocols while ensuring regulatory compliance.
Our IT Risk Management team:
We work in conjunction with legal, compliance, back office operations, analytics, operations, technology and software development. We are expected not just to be the experts in security and risk management, but also to be able to articulate the risks in an understandable fashion to enable the right decisions for Enova. What makes us great is that we work as a team, are passionate about our jobs and provide immense value to the company.
This is where YOU come in:
As a Sr. IT Risk Management Advisor, your job will be to initially manage our PCI and BCP programs and to facilitate the risk management of internal projects, architectures, external partners and vendors. You will assist in managing our control framework and educating our associates on appropriate security measures. Use your subject matter expertise and technical skills to assess security risks and their impact to the organization. You’ll be collaborating with just about every organizational function and will utilize your incredible people skills to gain trust and respect by delivering straightforward results and solutions. You will understand and improve controls, policies and processes, through your leadership ability to establish unity of intent.
You’re right for this job if you:
- Have 5-10+ years of experience in assessing enterprise risk and delivering security solutions
- Have experience managing a PCI-DSS (as a Level 1) program
- Have a strong understanding of controls (NIST, ISO, PCI, SOX), how to apply them and how to assess them
- Can identify and assess risks and gaps, create a mitigation plan to address them and ensure implementation to closure
- Can lead security investigations, including evidence gathering, interpretation, forensics and report production
- Have Business Continuity Planning experience, can run testing exercises and update BIAs
- Have experience in writing, assessing and modifying IT Security policies, procedures and processes
- Can identify and resolve any security or compliance problems related to our standard security framework
- Can stay abreast of the security landscape: threats, tools, controls and regulations
- Have a networking background and understanding (TCP/IP, Routers, VLANS, Firewalls, WAF, IDS, DLP)
- Have a strong understanding of threats, malware, vulnerabilities, exploits, and log analysis
- Have a strong understanding and application of cloud security controls
- Have a Bachelor’s degree in Information Security/Risk, Computer Science or equivalent experience
- Are able to jump in and handle new tasks as assigned
**May be required to travel domestically or internationally
Kudos to you if you:
- Have been exposed to Reciprocity Labs GRC Tools
- Can understand and write SQL scripts, RegEx, and shell scripts
- Have knowledge of Atlassian Confluence and Jira
- Have knowledge of Pivotal Tracker, SpringCM, AWS, Tenable, TripWire, McAfee, F5, Cisco, Palo Alto
- Have one or more relevant security certifications: CISSP, CISA, CISM, GIAC-GISP, GIAC-GCFA, CEH, etc.
Who is Enova?
Enova is a multinational company based in the U.S. that uses technology to develop innovative financial products and services for individuals and businesses. We have unique technology, analytics and customer service capabilities that let us rapidly evaluate new data sources to offer consumers and small businesses the right amount of credit or financing when and how they want it.
- Job Location: Chicago, Illinois, United States
- Position Type: Full-Time/Regular