Wednesday, November 18, 2015

Director IT Risk Management NCR Duluth

Job Description:
Director, IT Risk Management

This role is part of NCR’s Global Information Security team. This team is responsible for developing and implementing NCR’s corporate information security program. The primary goal of the program is to protect the confidentiality, integrity and availability of information resources. Key information security functions and activities include architecture and design for NCR information security controls, developing and enforcing policies and standards, security awareness training, risk management, assessment and testing, monitoring and metrics, incident management, and threat and vulnerability management.

The Director, IT Risk Management role provides strategy development and operational execution for NCR’s overall IT Risk Management program, performing security testing on NCR network, infrastructure, and application assets, internal penetration testing, US audit oversight, application security, Business Continuity Planning (BCP), and Disaster Recovery (DR) planning. This requires full engagement with staff throughout NCR's technology and business-related departments as well as external vendors and service providers.



Key Responsibilities

• Define strategy for inclusion of security into SDLC within corporate IT and division business software/product delivery functions and execute on the strategy

• Perform regular IT risk assessment and security testing for internally developed and third party applications

• Perform annual overall, enterprise IT risk assessment

• Define and execute on strategy for Governance, Risk, and Compliance (GRC) workflows in NCR’s GRC system

• Define education programs for developers and product management staff

• Perform red team style internal penetration testing to exercise detection and response capabilities

• Define NCR BCP and DR framework and deploy to NCR enterprise

• Perform external penetration testing on NCR’s global Internet points of presence and customer facing businesses

• Define metrics and measurements for penetration testing, BCP/DR, IT Risk, and application security regimen

• Identify and champion improvements to policy, standards and procedures associated with IT risk management domains



Skills And Qualifications

• Ten years of experience in information security

• Bachelor's degree in Information Security, Computer Science, Computer Engineering, or related degree program

• CISSP certification preferred

• Strong communication skills and ability to work in a collaborative atmosphere

• Strong attention to detail

• Firm understanding of information security and attack types and methodologies

• Experience with software development methodologies and practices

• Experience with custom scripting and automation is a plus

• Ability to deal with ambiguity and translate high level objectives into detailed tasks

• Ability to prioritize work with multiple, simultaneous work assignments

• Ability to weigh business risks and enforce appropriate information security measures

• U.S. Citizen or Permanent Resident

Pass it on for a referral bonus. Not the right role for you, but know someone we should meet? Share it with them to earn a $1,000 referral bonus.