This role is for Cyber Risk Team in IBM CISO organization which is globally responsible for managing cybersecurity risks, es...
This role is for Cyber Risk Team in IBM CISO organization which is globally responsible for managing cybersecurity risks, establishing risk management roles and responsibilities and implementing organization-wide risk management strategy.
Candidate will be responsible for enhancing the effectiveness of operational security risk management across the organization. The candidate will deploy and manage IBM?s agile security risk management framework to Business Unit Information Security Officer (BISO), senior executives, security teams, developers, architects and other asset owners in the Business Units and ensure the framework is used to consistently identify and assess cybersecurity risks they encounter in day-to-day operation. The candidate will develop and implement education programs to increase the risk awareness amongst asset owners and Business unit teams. Candidate will monitor operational security risks for suspicious patterns and work with the respective BISOs to investigate and mitigate the risk. The candidate will develop and implement security metrics to maintain operational risks at an acceptable tolerance level. Position must be based at either Armonk, NY, Raleigh, NC or Herndon, VA offices.
- Serve as cybersecurity risk advisor for agile security risk management framework
- Liaison with Business Unit teams to identify, document, assess and mitigate cybersecurity risks
- Educate business unit teams on identifying cybersecurity risks in day-to-day operations
- Familiarize with organization?s agile security risk management framework and use the framework to manage operational security risks
- Should have capability to develop an understanding of organization?s business operations and related security requirements, challenges and concerns.
- Analyze operational risk data and provide meaningful insight for the management
- Be knowledgeable about current security threats, events and breaches in the industry
- Broad knowledge and understanding of various security domains, including cloud security, IoT, application security or Blockchain and emerging threats, vulnerabilities and attack methods
- Analytical skills to correlate operational risk data and identify critical risk/ issue patterns
- Ability to clearly articulate security risks and exposures to BISOs, BU security teams and asset owners and coordinate mitigation activities
- Strong knowledge of cybersecurity industry standards, laws and regulations such as ISO 27001, NIST, COBIT, etc.
- Ability to collaborate with numerous and diverse stakeholders in cross-geo locations working in different time zones
Required Technical and Professional Expertise
- Minimum 10 years of experience in cybersecurity field and at least 3 years of experience in Cloud or IoT architecture or application security or Blockchain
- Experience conducting risk assessment for complex cloud environments, DevOps environments, or IoT devices.
- Experience implementing risk management frameworks or conducting risk assessments, security audits, ISO 27001 certification.
- Good program and project management skills and technology expertise
- Strong analytical & communication skills required
Preferred Tech and Prof Experience
- Experience working with Big data and analysis tools
- Professional certification such as CISSP, CISA
- Broad domain knowledge on agile development methodologies
IBM is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.
- provided by Dice