Mid-Level Information Security & Privacy Advisor – Risk & Controls

Role Overview

• Provide critical support and hands-on expertise in managing Information Security and Privacy risks and controls across various technology initiatives
• Identify and assess risks, drive remediation efforts for audit and exam findings, manage security-related issues
• Conduct rigorous control testing and validation
• Partner closely with engineering, product, and other business units to ensure robust security controls are implemented and maintained
• Conduct ongoing supervision and oversight of business controls, including monitoring of the first line of defense to minimize risk exposures and strengthen the overall control environment

Requirements

• Bachelor’s degree; OR 4 years of related experience may be substituted in lieu of degree
• 4 years of experience supporting risk-related, compliance-related, or business control design activities; OR 4 years of experience in a relevant quantitative discipline; OR Advanced degree or designation in a risk management or quantitative discipline, and 2 years of experience supporting risk-related, and/or compliance-related, or business control design activities; OR PhD in a risk management or quantitative discipline
• Deep technical understanding of Cybersecurity principles, common vulnerabilities, and security control mechanisms across various domains
• Certifications such as CISSP, CISM, CRISC, CIPP, or GIAC certifications are highly desirable
• Familiarity with security frameworks (e.g., NIST Cybersecurity Framework, ISO 27001) and their application in control design and assessment

Tech Stack

• Cyber Security

Benefits

• Comprehensive medical, dental and vision plans
• 401(k)
• Pension
• Life insurance
• Parental benefits
• Adoption assistance
• Paid time off program with paid holidays plus 16 paid volunteer hours
• Various wellness programs
• Career path planning and continuing education assistance