Senior - Info Sec and Tech Risk Assessments
KPMG India
posted 1d ago
As a member of the Digital Risk and Security Group (DRSG), your primary responsibility as a Digital Trust professional is to ensure the security, privacy, and trustworthiness of digital systems and assets within the organization. You will work closely with various stakeholders, including IT teams, business units, and management, to assess, implement, and monitor digital security measures and risk mitigation strategies.
Key Responsibilities:
Digital Security Risk Assessment: Conduct comprehensive assessments of digital systems, applications, and infrastructure to identify potential security risks and vulnerabilities. Analyze security controls, policies, and procedures to assess their effectiveness in protecting digital assets. Recommend and implement necessary security enhancements and controls.
Cybersecurity Incident Response: Develop and implement incident response plans and procedures to effectively address and mitigate cybersecurity incidents. Coordinate incident response activities, including containment, investigation, remediation, and reporting. Collaborate with internal teams and external partners to ensure timely and appropriate response to security incidents.
Security Governance and Compliance: Assist in establishing and maintaining a robust security governance framework. Monitor compliance with internal security policies, standards, and industry best practices. Support internal and external audits, risk assessments, and compliance reviews. Provide guidance and recommendations for maintaining compliance with relevant regulations and standards.
Security Awareness and Training: Promote a strong security culture within the organization through security awareness campaigns, training programs, and regular communication. Educate employees on security best practices, emerging threats, and their roles and responsibilities in maintaining digital trust. Conduct security awareness assessments and develop targeted training materials.
Security Incident Monitoring and Analysis: Monitor digital systems and networks for security incidents, intrusions, and abnormal activities. Use security monitoring tools and technologies to detect and analyze security events. Investigate security incidents to determine the root cause and implement appropriate remediation measures.
Third-Party Risk Management: Assess the security posture of third-party vendors and partners. Review and evaluate security controls and practices of external vendors to ensure they meet the organization's security requirements. Collaborate with procurement and legal teams to incorporate security requirements into contracts and service-level agreements.
Emerging Technology Evaluation: Stay abreast of the latest trends and advancements in digital technologies, such as cloud computing, mobile applications, Internet of Things (IoT), and artificial intelligence. Assess the security risks associated with emerging technologies and provide recommendations for secure implementation.
Security Metrics and Reporting: Develop and maintain security metrics and reports to track the effectiveness of security controls, incident response activities, and risk mitigation efforts. Communicate security-related information and trends to stakeholders and senior management in a clear and concise manner.
Employment Type: Full Time, Permanent
KPMG I love mine very much to work here. Excelling here is very good.
5-10 Yrs
Bangalore / Bengaluru