Information Security and Risk Manager
Company: Fisher Investments
Location: Portland
Posted on: November 13, 2024
|
|
Job Description:
It's an exciting time to join Fisher Investments; we're
investing in the future of our firm's technology and information
security. Our business is growing internationally, which emphasizes
the need to build an unparalleled team that promotes future global
growth through strategic solutions and progress. We are important
to supporting our firm's diverse businesses, and we are excited to
continue solidifying that foundation as we add more experienced
technologists to our Technology team.
The Information Security Risk Management position, reporting to the
Associate VP of Information Security, will work with Information
Security, Technology, Project, and Enterprise Risk Management teams
to perform technology risk analysis and recommend controls. You
will also develop, recommend, and implement technology risk
practices following Fisher Investments Digital Asset risk
management goals.
Represent Information Security in Enterprise Risk Management
technology reviews for Digital Assets, including evaluation of
inherent risk, researching vendor practices and controls,
recommending new practices and controls, and estimating residual
risk
* Continuously mature Enterprise Risk Management evaluation
procedures for Digital Assets
* Continuously collaborate with Information Security, Technology,
and Data Privacy Subject Matter Experts to determine efficacy of
technical and practical Digital Asset controls
* Research new possible technical and practical Digital Asset risk
controls
* Perform security-focused risk and gap assessments to identify,
document and track security risks associated with Cloud and
physical IT infrastructure and services, Applications, Information
systems, and Vendors/other third parties
* Identify risk levels and associated controls to manage risk
levels applying both quantitative and qualitative techniques
* Translate risk management measures from technical to business
language
* Provide security risk services to business owners and
partners
* Understand and maintain a broad knowledge of methodologies and
technologies in the area of risk assessments and controls
measures
3+ years of experience in Enterprise Risk Management for Digital
Assets, including development of risk evaluation processes, control
evaluations and recommendations, and vendor research
* 3+ years of experience in Digital Asset audit review experience
(including SOC 2 Type II, SOX compliance, PCI compliance,
vulnerability reports, retention policies)
* Knowledge of Information Security and risk standards and
frameworks such as NIST 800-53, CIS benchmarks, OWASP, ISO-27001,
and COSO
* Experience assessing risk or implementing controls in a
cloud-based enterprise environment
* Extensive knowledge of information systems, risk assessment
methodologies and security control technologies
* Ability to balance risks in ambiguous and complex scenarios
* Experience in GRC platforms
Eligible for a discretionary bonus based on firm and individual
performance
Why Fisher Investments:
We work for a bigger purpose: bettering the investment universe.
It's the people that make the Fisher purpose possible, and we
invest in them by offering exceptional benefits like:
* 100% paid medical, dental and vision premiums for you and your
qualifying dependents
* 20 days of PTO, plus 10 paid holidays
* Family Support programs including 8 week Paid Primary Caregiver
Leave, fertility, family forming, and hormonal health assistance
and back-up child, adult, and elder care
* $Opportunity to participate in our hybrid work from home program.
Based on tenure and performance eligibility, you will have the
opportunity to work from home up to 75 days per year
FISHER INVESTMENTS IS AN EQUAL OPPORTUNITY EMPLOYER
Keywords: Fisher Investments, Portland , Information Security and Risk Manager, Executive , Portland, Oregon
Click
here to apply!
|