Cybersecurity Risk Management Program Lead
Salary undisclosed
Job Description
Client
WSI
Job Title
Cybersecurity Risk Management Program Lead
Placement type (FTE/C/CTH)
Contract, high likelihood of conversion
Duration
6 months, CTH
Location
Hybrid: Mon-Thur - onsite, either Rocklin or SF
Fri - WFH
Start Date
ASAP
Pay Rate Guidelines
$63/hour on w2
Work Authorization (open to ISS/C2C)
Must be able to convert without sponsorship
Interview Process
4 Rounds
Project Description
- Responsible for developing, implementing, and managing our organization's cybersecurity risk management program.
- Identify potential cybersecurity risks, help to identify mitigations, escalate matters requiring management attention, and oversee timely and effective remediation of risks to critical company information.
- Responsible for: providing support to business units in performing risk assessments, due diligence activities, and data management; ongoing oversight; and risk reporting.
Top Requirements
(Must haves)
Qual Notes
- Experience with a wide range of technology, with the ability to anticipate potential risks in a variety of technical:
  - Platforms: UNIX/Linux, AS400, Windows
  - Applications: e-commerce, retail, stores, corporate shared services, PCI requirements, SOX requirements
- Identify the kinds of risks that a multi-channel retailer is susceptible to
- Experience presenting cybersecurity risk in business language to boards of directors and non-technical audiences
- Experience with the MITRE ATT&CK framework
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field, or equivalent experience
- Minimum of 7-10 years of experience in cybersecurity, with at least 5 years in a risk management role
- Proven experience in leading cybersecurity risk management programs
- Federal or Military risk management program experience is a big plus
- In-depth knowledge of risk assessment and risk analysis
- Experience in the retail industry a plus
- Experience in a leadership role within a medium to large organization
- Understand information security holistically and how it relates to business goals
- Excellent written, oral, and interpersonal communications skills with proven ability to champion causes with positive impact and change
- Strong analytical skills
- Extensive knowledge of and experience with information security standards and methodologies, including NIST 800-53, NIST CSF, PCI DSS, the ISO 9000 series, COBIT, Sarbanes-Oxley, HIPAA, and other relevant industry security standards
Additional Qualifications
(Nice to Haves)
- CISSP, CISM, CRISC or similar certification [e.g., GIAC Certified ISO-17799 Specialist (G7799)]
- Privacy Certification (e.g., Certified Information Privacy Professional)
- Experience interfacing with and communicating information on complex privacy and security compliance issues to senior management and business units and external parties
- Experience with the ServiceNow Integrated Risk Management (IRM) tool
- Experience reviewing contracts for security risks and negotiating security terms with third parties
Additional Notes
- Avoid candidates whose experience is limited to:
  - Controls only
  - Implementing controls
  - SOX controls
- The right person will understand controls and be able to test controls, but testing controls will not be their main focus
- Goal: mature our ability to identify, articulate, and advise on the right controls to implement
- Tools comparable to ServiceNow IRM:
  - Archer
  - OneTrust
  - Other GRC tools
- About to migrate from SN GRC to SN IRM in 2026
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.