Home > Delaware jobs > Delaware trades & labor jobs

Posted: Thursday, February 1, 2018 3:20 AM

The **Senior Information Security Third Party Risk and Compliance Consultant** supports enterprise adherence to information security controls and industry best practices by leading various initiatives to protect the confidentiality, integrity and availability of our information systems. We are seeking a self-motivated individual versed in information security control third party risk with a minimum of 10 years of experience in information security. The candidate will have a broad understanding of security controls and can collaborate across organizations to achieve mutual goals.
Responsibilities may include but are not limited to:
Facilitate SME discussions with various third parties to effectively understand security control effectiveness and document adherence to requirements and standards for the organization or risk realized through non-compliance
Research and understand emerging IT/IS risk factors and their impact on current control standards and/or documentation
Report and escalate issues appropriately and timely
Provide recommendation to leadership on program enhancements and strategic direction
The ideal candidate will have a well-rounded information security background including a strong understanding of Third Party Risk Management, information security controls, industry standards and best practices such as the NIST 800 series, NIST CSF, and ISO 27000 series. The candidate should understand and have experience with the security configuration, as well as, various design controls, regulatory, legal and contractual requirements impacting financial institutions (e.g. GLBA, SOX, FFIEC, GDPR and PCI). The candidate additionally will have or exhibit the following:
Strong writing skills with experience in documenting risk analysis results
Skilled in leading and coordinating work efforts of other team members to meet tactical and strategic goals
Experience with program management and measurement through development and implementation of process efficiency and effectiveness measurements
Ability to analyze and articulate implications of compliance requirements
Skilled at communicating technical information to non-technical audiences and stakeholders at every level of the organization
Ability to build and maintain relationships across diverse technical and non-technical teams
Effective in communication with management and senior leadership, as well as internal & external auditors/regulators
**Minimum Requirements:**
Bachelor's degree or equivalent work experience
Minimum of 10 years of experience in information technology and/or information security, risk management and compliance
Understanding of financial industry legal, regulatory and compliance requirements for information security
Demonstrated leadership with teams/individuals and large/complex enterprise projects
Effective communication
Proficient in MS Office tool suite including, Excel, PowerPoint, SharePoint and Visio
**Preferred Skills:**
Graduate/Master's level degree in the areas of business administration, information security, computer science, information technology management, technology auditing
Experience in risk and compliance management and process development in the areas of information technology and security
Highly skilled in developing executive-level presentations and strategies that include process diagrams and designs
Working knowledge of RSA Archer tool
Experience in Network and/or Database Administration
Industry certifications in the area of information security, project management and technology auditing including, CISSP, CISM, CGEIT, CISA, GIAC GSEC, and/or PMP
IT Project Management
**Job:** Information Technology
**Primary Location:** United States
**Shift:** 1st - Daytime
**Average Hours Per Week:** 40
**Requisition ID:** 170042715
U.S. Bank is an Equal Opportunity Employer committed to creating a diverse workforce.
Associated topics: attack, forensic, identity access management, iam, information assurance, leak, protect, security officer, threat, vulnerability


• Location: Dover

• Post ID: 8603797 delaware is an interactive computer service that enables access by multiple users and should not be treated as the publisher or speaker of any information provided by another information content provider. © 2018