Fortress Information Security

Director, Third Party Risk Management

US-VA-Reston
1 week ago
Job ID: 2017-1332
# of Openings: 1
Category: Cyber Security
Type: Regular Full-Time

Overview

At Fortress, we go beyond our clients’ traditional perimeter by applying our risk mitigation technology platform — powered by security researchers, engineers, consultants, analysts and legal experts. When you engage Fortress to secure your internet, you are unleashing a multifaceted team of experts who are ready to Understand, Visualize, and Identify Risks in your perimeter. Fortress partners with clients, addressing their most complex cyber-vulnerability questions and boosting their overall security resilience.

Responsibilities

  • Cyber Strategy, Governance, Risk Management & Compliance
  • Engage leaders from Technology and the business to understand and prioritize cybersecurity risks through formal risk assessments
  • Maintain a security strategy that incorporates business and technology objectives and outputs from risk assessments
  • Develop and maintain roadmaps and budgets
  • Create tools for regular reporting of the security program, activities and progress across all areas including Secure Design & Architecture and Security Operations
  • Build processes and tools to provide the business visibility of cybersecurity risks and drive accountability
  • Assist in development and maintenance of policies, standards, processes, and procedures to assess, monitor, report, escalate and remediate risk and compliance issues
  • Educate and advise technology and business executives as needed on technology risk and compliance issues as well as appropriate mitigation strategies and approaches related to security and risk management
  • Responsible for managing customer compliance programs, which may include PCI, NIST, HIPAA, FFIEC and various state regulations 
  • Help customers to promote a cyber security aware culture by developing and launching a creative and engaging awareness program
  • Mature and formalize a third party risk program
  • Work to identify and cultivate strong relationships with members of the organization outside of Technology
  • Maintain and spread awareness of trends in the threat landscape
  • Serve as the primary point of contact for cybersecurity maturity reviews performed on customers 
  • Liaise with other departments to integrate security into key organizational processes
  • Travel - 25-30%

Qualifications

  • Professional certification in information security (for example, CISSP, CISM or CISA) required
  • Minimum six (6) years of information security experience in increasingly responsible roles required
  • Must have well developed change management skills; be effective in working across organizational boundaries to build a case for changes, and to execute on the change plan - from strategy through to ongoing operation and process improvement
  • Experienced in, and able to formulate, the cost effectiveness benefit of security initiatives in the context of overall business risk mitigation and the company's operational objectives
  • Must possess great oral and written communication skills
  • Demonstrated knowledge of recognized security industry standards and leading practices (e.g., SANS 20, PCI, OWASP, NIST)
  • Demonstrated understanding of technological trends and developments in the areas of information security, risk management, web architectures and cloud computing
  • Experience working with teams and presenting to customers
