Cyber Security Information and Risk Management Engineer II

Profile

,AnswerValue:\u003cp\u003e\u003cspan\u003eJob Summary \u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003eThe Cyber Security Information and Risk Management Engineer will identify, evaluate, and prioritize cyber risks and manage third-party risks, as well as assist in the management of security controls over information throughout its lifecycle. The Engineer will focus primarily on the maintenance of an effective risk program and facilitate the identification of risks, ensuring proper mechanisms are in place to mitigate risks in a manner consistent with global cybersecurity standards.\u0026nbsp; This role will collaborate with colleagues to develop risk-related security policies and standards, risk frameworks, and processes in an innovative and flexible way.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003eThis role will work closely with various business units to implement the procedures and controls necessary to protect organizational assets, information systems, and data.\u0026nbsp; This position will interface with all levels of the organization and have access to security-sensitive information.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003e\u003cb\u003eEssential Job Functions \u003c/b\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan\u003eCoordinate with internal business units to assist in the development of an effective cyber risk management program\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan\u003eManage and mature a risk framework and processes that allow for effective cyber risk monitoring, management, and reporting\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan\u003ePerform cyber risk assessments, evaluate, and prioritize cyber risk management activities across the organization\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan\u003eDevelop, implement, and perform third-party cyber security risk assessments based on cybersecurity standards\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan\u003eReview third-party contracts and ensure they are in line with our organization’s cyber risk tolerance\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan\u003eEnsure third-party vendors are aware and comply with our organization’s Cybersecurity policies and standards. Work with Legal to ensure cybersecurity requirements and external regulatory mandates are properly addressed in legal contracts\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan\u003eOversee the security of sensitive data across the organization and support in the design and implementation of information management controls to address identified risks\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan\u003eDevelop, enhance, and maintain Key Risk Indicator (KRI) framework and reporting\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan\u003eWork closely with leaders in IT and Operations functional areas to ensure security standards, policies, and procedures are deeply embedded and understood\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan\u003eDevelop and maintain our organization’s ability to track any outstanding findings, issues, or observations from external and internal assurance and oversight groups\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan\u003eResponsible for keeping abreast of the latest trends in governance, cybersecurity, risk, and compliance management\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan\u003e\u003cb\u003eMinimum Skills, Knowledge and Abilities \u003c/b\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan\u003eBachelors’ degree in Information / Data Management, Systems Engineering, Computer Engineering, Computer Science, or other closely related disciplines\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan\u003eMinimum of four (4) years experience in security functions, including risk management, information security, privacy or data protection or assurance-related function\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan\u003eTechnical and Functional experience in the domains of Governance, Enterprise Risk Management, and Regulatory Compliance\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan\u003eProven understanding of risk assessment methodologies, frameworks, and procedures and the ability to work flexibly with them to meet organizational size, maturity, and culture considerations\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan\u003eFacilitates IT governance implementation\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan\u003eExperience building a network of relationships across functions and liaising with senior management\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan\u003eAbility to think strategically about security risks and tie those to tactical organizational activities\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan\u003eDemonstrated ability to prioritize and execute tasks in a high-pressure environment\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan\u003eRequires self-motivated approach to work with keen attention to detail\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan\u003eEvidence of ability to work in a team-oriented, collaborative environment with minimal oversight, and ability to work well under tight deadlines and effectively interact with a wide range of personnel\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003e\u003cb\u003ePreferred Minimum Skills, Knowledge and Abilities \u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp; \u003c/b\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003e\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan\u003eAt least one of the following certifications is required or must be obtained within your first 12 months of employment CRISC, CISA, CISM, CISSP or CIPP\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan\u003eExperience working with a Governance Risk and Compliance tool\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan\u003eExperience with technical documentation related to GDPR, PCI DSS, ISO 27001, NIST CSF, SOC 2 and continuous monitoring\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan\u003eDemonstrate strong verbal and written communication skills as well as strong analytical and problem-solving abilities\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan\u003eProven knowledge of information management, asset management, data classification, and vulnerability resolution techniques\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan\u003eAbility to work independently or as a member of a team on various tasks\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003cli\u003e\u003cp\u003e\u003cspan\u003eProven ability to effectively research subject matter\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cspan\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003e\u003c/span\u003e\u003c/p\u003e,

Company info

Detroit Tigers, Inc.