
Cybersecurity Risk Management Program Lead-only W2 Hybrid in Rocklin, CA or San Francisco, CA

Salary undisclosed

Top Requirements:
Retail Experience
Supply Chain Experience if no retail
Deep compliance experience
Need someone to come in and tailor the cybersecurity risk framework to the NIST standard
Current framework uses a tool-based approach: the Risk module within ServiceNow GRC (out-of-the-box risk assessment platform)
Strong background in cybersecurity, risk management, and regulatory compliance
Experience with a wide range of technology; able to anticipate potential risks across a variety of technical environments:
Platforms: UNIX/Linux, AS400, Windows
Applications: e-commerce, retail, stores, corporate shared services; PCI requirements, SOX requirements
Identify the kinds of risks that a multi-channel retailer is susceptible to
Experience in presenting cybersecurity risk in business language to the board of directors and other non-technical audiences
Experience with the MITRE ATT&CK framework
Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field, or equivalent experience
Minimum of 7-10 years of experience in cybersecurity, with at least 5 years in a risk management role
Proven experience in leading cybersecurity risk management programs
Federal or Military risk management program experience is a big plus
In depth knowledge of risk assessment and risk analysis
Experience in the retail industry a plus
Experience in a leadership role within a medium to large organization
Understand information security holistically and how it relates to business goals
Excellent written, oral, and interpersonal communications skills with proven ability to champion causes with positive impact and change
Strong analytical skills
Extensive knowledge and experience with information security standards and methodologies, including NIST 800-53, NIST CSF, PCI DSS, the ISO 9000 series, COBIT, Sarbanes-Oxley, HIPAA, and other relevant industry security standards
Nice to have:
CISSP, CISM, CRISC or similar certification [e.g., GIAC Certified ISO-17799 Specialist (G7799)]
Privacy Certification (e.g., Certified Information Privacy Professional)
Experience interfacing with and communicating information on complex privacy and security compliance issues to senior management and business units and external parties
Experience with the ServiceNow Integrated Risk Management (IRM) tool
Experienced in reviewing contracts for security risks and negotiating security terms with third parties
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.