Conduct comprehensive security risk assessments of enterprise systems and processes, as well as provide recommendations for risk mitigation.
Review, analyze, and provide recommendations for policy, standard, and baseline configuration exceptions.
Perform vendor risk assessments, including inherent and residual risk identification, analysis, and mitigation, and track risk remediation to completion.
Provide recommendations for vendor contractual requirements stemming from vendor risk assessment outcomes.
Serve as a project security advisor, including performing risk analysis gate checks in the secure SDLC process.
Conduct thorough threat modeling exercises to identify potential security vulnerabilities and risks.
Stay current on security trends, threats, and best practices to continuously improve the organization's security posture.
Perform other duties as assigned.
Requirements
5-8 years of IT security, privacy, audit, controls and regulatory compliance, or related experience.
Experience conducting risk assessments aligned with industry standard frameworks & standards.
Advanced understanding of IT domains: infrastructure, networking, storage, databases, operating systems, cloud, applications, etc.
Strong understanding of security technologies and domains, including SSO, IAM, DLP, EDR, SIEM, firewalls, gateways, IDS/IPS, CASB, antivirus, SSDLC, cryptography, PKI, etc.
Knowledge of risk and control frameworks/standards (e.g., NIST CSF, NIST 800-53, ISO/IEC 27001, NIST 800-30, ISO/IEC 27005, etc.).
Oral and written communication skills, demonstrating the ability to convey complex technical and security concepts and terminology to non-technical stakeholders.
Ability to manage multiple projects/tasks simultaneously, including the ability to delegate key areas of responsibility.
Ability to successfully liaise with individuals across a wide variety of operational, functional, and technical disciplines.
Excellent analytical, problem-solving, and critical-thinking skills.