Security Risk Manager

What we're looking for...

The position will assist with the development, implementation, and execution of a corporate risk management/assessment program including performing risk assessments and contract evaluations for vendors and customers. The position requires a strong understanding of information security controls, including frameworks such as NIST and ISO27001. Additionally, this position requires that the applicant have a strong understanding of the risk frameworks, operational risks, and the execution of risk management processes and governance.

What you'll be doing...

• Manage the overall capabilities and operating framework of the Risk Management Program (structure, people, and project delivery processes), articulating the service delivery process, and managing the measurement metrics.
• Coordinate and perform a full cycle of the third-party security risk management activities, including risk identification, assessment, mitigation, monitoring, and reporting
• Coordinate and conduct Vendor Risk assessments, review documentation provided (including independent assessments, certifications, pen-test, etc.) and issue reports
• Coordinate and conduct customer security reviews
• Collaborate with internal and external auditors to ensure that appropriate controls are installed, operating properly, and being monitored and reported
• Understand and keep abreast of emerging technologies and how they can impact the business.
• Comply with delivery SLA's and provide periodic status updates including potential risks and delays to the project delivery to project manager. 
• Support various GRC efforts such as third party due diligence, security awareness and data loss prevention
• Take part in shaping the future of our security organization

Qualities you possess...

• Bachelor's Degree or equivalent required
• 4+ years experience in IT audit/Security Assessment/Risk Management/Certification
• Understanding of third-party risk management techniques, security IT control evaluation, and security control management lifecycle
• Professional designations preferred: CISSP, CRISC, CISA, CTPRP, CDPSE, Security+, CISM
• Prior experience assessing SOC 2 reports is preferred.
• Familiarity with GRC tools and 3rd party risk assessment tools
• Strong understanding of information security principles, architecture, and methodologies (including control design and risk assessment)
• Solid understanding of IT audit and security control evaluation methodologies
• Solid understanding and experience with security risk management, covering the full lifecycle of activities, including risk identification, assessment, mitigation, monitoring, and reporting
• Understanding of COBIT, ISO27000, NIST CSF, SOC 2and/or HITRUST frameworks
• Knowledge of single sign-on integration with on premise and cloud toolset
• Knowledgeable of Network Design and Project Management methodologies
• Significant experience in collaborating across organizational boundaries and building partnerships across various functions 

Benefits & Perks

• A remote-first culture - work from home or come into the office, it's totally up to you.
• Comprehensive medical, dental and vision plans.
• 401(k) plan with employer match.
• Flexible Paid Time Off (FTO) so that you can take the time that you need to re-energise.
• Volunteer Time Off (VTO) - take two days off per calendar year to volunteer with your preferred charitable organization.
• 5-year Service Milestone Sabbatical.
• Paid parental leave.
• Generous employee referral bonus program.
• Pet insurance.
• HQ Office centrally located in Reston Town Center featuring a well-stocked kitchen with rotating snacks and beverages, and catered lunch on Thursdays.
• Regular virtual company-wide events, including cooking classes, yoga, meditation and more.
• The opportunity to learn and develop from some of the best and brightest minds in the industry!

Don’t meet every single requirement? Studies have shown that women and people of color are less likely to apply to jobs unless they meet every single qualification. At ScienceLogic, we are dedicated to building a diverse, inclusive and authentic workplace, so if you’re excited about this role but your past experience doesn’t align perfectly with every qualification in the job description, we encourage you to apply anyways. You may be just the right candidate for this or other roles.

 All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or any other applicable legally protected characteristics in the location in which you are applying.

About ScienceLogic

ScienceLogic is a leader in IT Operations Management, providing modern IT operations with actionable insights to resolve and predict problems faster in a digital, ephemeral world. Its solution sees everything across cloud and distributed architectures, contextualizes data through relationship mapping, and acts on this insight through integration and automation.

www.sciencelogic.com

#LI-Remote