**Position Summary**:
As a member of the Corporate Infrastructure and Security - Risk & Assessments team, the Security Engineer is responsible for:
- Providing key input and assistance in the development and implementation of a global cybersecurity risk management program
- Maintaining and executing the risk management policy throughout the entire risk lifecycle
- Executing various risk analysis processes within the team including intake and analysis of reported risks, risk management, and ensuring teams are properly managing plans to reduce or eliminate risk
- Ensuring consistency of security practice and standards across the organization
- Conducting Information Security assessments, including documenting controls, identifying potential gaps and/or inconsistencies, and making sound recommendations for improvement and/or migration
- Collaborating on the technical definitions and overseeing implementation of security controls and requirements for systems, infrastructure and solutions
- Providing consultative advice ensuring security design for systems aligns with business needs and the company's security posture
- Cultivating and maintaining strong working relationships with IT teams, Legal, Privacy, and Internal Audit.
This position will be part of a team responsible for driving visibility and understanding of information security risk management, in order to contribute to and influence strategic decision making across the enterprise.
**Risk Key Responsibilities**:
- Intake and analysis of identified cyber security issues and risks from a variety of sources including security assessments, compliance checks, automated vulnerability systems, and other internally or externally reported risks.
- Complete analyses and reports to develop a comprehensive view of risk across the company.
- Assist with and track accurate risk measurement and response activities; provide necessary information and analysis to help business leaders prioritize risks
- Review and track action plans developed by risk owners and ensure plans are completed appropriately
- Perform ad-hoc risk analysis as assigned
- Review and advise on internal security capabilities in the context of negotiations with customers or auditors.
- Perform other duties as assigned.
**Minimum Requirements/Qualifications**:
- 5+ years' experience in risk analysis, information risk management, data privacy, information technology, or equivalent with exposure to cybersecurity and/or information security risk.
- Bachelor's Degree in Risk Management, Information Assurance, Information Security, Cybersecurity, IT, Law or Data Privacy or equivalent work experience.
- Experience with risk analysis.
- Ability to explain complex risk management topics to a broad audience
- Understanding of relevant industry frameworks such as ISO 27001 series, NIST 800-53, FISMA and others
- General understanding of cybersecurity technologies and controls with the ability to bridge the gap between governance and technical concepts
- Excellent writing skills; experience as a writer or technical editor is considered a plus
- Demonstrated ability to complete work with minimal direction and self-identify tasks
- Excellent written and oral communication skills with experience presenting to senior leadership
- Strong interpersonal, organizational, and excellent documentation skills
- Excellent customer service skills
- Relevant certifications such as CRISC, CISSP or CISA are considered a plus
- Experience with various risk management frameworks such as the NIST Risk Management Framework or Center for Internet Security Risk Assessment Methodology will be considered a plus.
**Non-Negotiable Hiring Criteria**:
- Customer service mindset
- Strong attention to detail, organizational skills, time management
- Excellent verbal and written communication skills
- Ability to take direction and independently work through projects as required