SR. IT Risk Management Advisor
- Tracking Code
- 1563-626
- Job Description
Sr. IT Risk Management Advisor
Reports to Head of IT Risk
Our IT Risk Management team:
We work in conjunction with legal, compliance, back office operations, analytics, operations, technology and software development. We are expected to be the experts in security and risk management, while being able to articulate the risks to the business in order to make sound decisions for Enova. What makes us great is that we work as a team, are passionate about our jobs and provide immense value to the company.
This is where YOU come in:
As a Sr. IT Risk Management Advisor, your job will be to manage our PCI and BCP programs and to facilitate the risk management of internal projects, architectures, external partners and vendors. You will assist in managing our control framework and educating our associates on appropriate security measures. You’ll be collaborating with just about every organizational function and will utilize your incredible people skills to gain trust and respect by delivering straightforward results and solutions. Through your leadership ability you will improve controls, policies and processes. You will have strong decision-making capabilities with the ability to weigh relative costs and benefits of potential actions and identify the most appropriate one for Enova.
You’re right for this job if you:
- Have 5-10+ years of experience in assessing enterprise risk and delivering security solutions
- Have technical expertise in networking and security (TCP/IP, routers, VLANs, firewalls, WAF, IDS, DLP, SDLC) and can understand and follow a packet
- Have a strong technical understanding of threats, malware, vulnerabilities, exploit techniques, and log analysis
- Have a strong technical understanding of application and cloud security controls (OWASP 10 and AWS)
- Are hands-on and have experience managing a PCI-DSS (as a Level 1) program and remediating any issues
- Have experience supporting a vulnerability scanning tool (think Tenable & Qualys), interpreting the results and remediating findings
- Have a strong understanding of controls (NIST, ISO, PCI, SOX), how to apply them and how to assess them
- Can identify and assess risks and gaps, create a mitigation plan to address them and ensure implementation to closure
- Can lead security investigations, including evidence gathering, interpretation, forensics and report production (you will have to be active hands-on-keyboard for this)
- Have Business Continuity Planning experience, can run testing exercises and update BIAs
- Have experience in writing, assessing and modifying IT Security policies, procedures and processes
- Can identify and resolve any security or compliance problems related to our standard security framework
- Can research and design information security solutions for organization systems and products that comply with all applicable security policies and standards
- Can assist in responding to audits, penetration tests and vulnerability assessments
- Can analyze and make recommendations to improve network, system, and application architectures
- Can stay abreast of the security landscape: threats, tools, controls and regulations
- Have a Bachelor’s degree in Information Security/Risk, Computer Science or equivalent experience
- Are able to jump in and handle new tasks as assigned
May be required to travel domestically or internationally
Kudos to you if you:
- Have been exposed to Reciprocity Labs GRC Tools
- Can understand and write SQL scripts, RegEx, and shell scripts
- Have knowledge of Atlassian’s Confluence and Jira
- Have knowledge of Pivotal Tracker, SpringCM, AWS, Tenable, Tripwire, McAfee, F5, Cisco, Palo Alto, Splunk and Metasploit
- Have one or more relevant security certifications; CISSP, CISA, CISM, GIAC-GISP, GIAC-GCFA, CEH, PCI-ISA, etc.
- Are proficient with at least one scripting language (e.g., Perl, Python, PowerShell)
- Job Location
- Chicago, Illinois, United States
- Position Type
- Full-Time/Regular