The Information Security Risk Manager is a crucial leader in TriNet’s organization, responsible for helping to establish and maintain TriNet’s risk management program, which is designed to ensure that the company’s IT systems and information assets are adequately protected. The individual in this position is responsible for identifying and evaluating on information security risks in a manner that meets TriNet’s regulatory and other compliance requirements. The individual works proactively with the various clients, business units and other internal departments and organizations to implement practices that meet TriNet’s defined policies and standards for information risk management.
A successful candidate will demonstrate an ability to work independently and in an organized manner. They will communicate very effectively, manage their workload independently and coach others to success. They will demonstrate strong technical ability and experience, as well as diplomacy and the ability to work calmly under pressure.
• Plans, executes and conducts ongoing risk assessment, self-assessment and reviews of various operations, including assessing risks, determining scope, executing test procedures, reporting results and making recommendations for improvement.
• Evaluates compliance with legal, regulatory, operational and IT policies and procedures, and partners with stakeholders to develop sustainable remediation plans to compliance issues and control gaps, and actively drives issues and risks to closure.
• Works with others to help identify advanced security risks and exposures, determine the causes of security violations, designs and recommends solutions to prevent and mitigate future incidents. This will include identifying applications of functional knowledge and existing methodologies to highly complex problems.
• Follows up on deficiencies identified in monitoring reviews, self-assessments, automated assessments, and internal and external audits to ensure that appropriate remediation measures have been taken.
• Evolves the operational risk monitoring program to identify opportunities for enhancements and manages the risk exception process.
• Partners with the IT organization to implement and maintain TriNet’s integrated control framework, which includes requirements from NIST CSF, COBIT, HIPAA, etc.
• Ensures ongoing compliance with statutory and regulatory requirements, anticipating future legislation, enforcing adherence to requirements, filing financial reports and advising management on needed actions
• Manages, markets, and leads information security awareness training
• Leads special projects and preforms various ad-hoc reporting or analysis as needed
JOB REQUIREMENTS AND QUALIFICATIONS
• BS or MA in Computer Science, Information Security, or a related field
Training Requirements (licenses, programs, or certificates):
• Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) or Certified Information Security Manager (CISM)
• 8+ years of Experience in developing IT Risk Management program strategies, operating models, policies, standards and reporting structures/metrics
• Excellent aptitude for modern IT Risk & Compliance concepts and methodologies.
• Must have expert-level ability to identify and assesses the severity and potential impact of risks and communicate risk assessment findings to risk owners in a way that consistently drives objective, fact-based decisions about risk that optimize the trade-off between risk mitigation and business performance.
• Is a thought-leader, expert on emerging trends and technologies and able to apply current threats to the TriNet’s business model.
• Expert level knowledge of IT policies, laws, standards and frameworks applicable to the specific technical role e.g. NIST, ISO31000, ISO27000, and COSO.
• Comprehensive knowledge of IT risk, security architecture design, network security, cloud/mobile security, data security and internal/external threat intelligence/analysis
• Very strong verbal and non-verbal communication skills; able to communicate/present technical security details to a wide range of audiences
• Able to develop risk management processes and workflows and then train and coach users of those workflows.
• Hands-on experience with risk assessment methodologies like CIS RAM, FAIR, OCTAVE, etc. a strong plus
Other Knowledge, Skills and Abilities:
Candidates will be evaluated based on their ability to perform the duties listed above while demonstrating the skills and competencies necessary to be highly-effective in the role. These skills and competencies include:
• An ability to identify and assesses the severity and potential impact of risks and communicate risk assessment findings to risk owners outside Information Security in a way that consistently drives objective, fact-based decisions about risk that optimize the trade-off between risk mitigation and business performance
• BIG 4 audit experience preferred or internal audit experience in a large multinational organization
• Ability to communicate effectively (both oral and written) and develop solid working relationships across multiple levels and organization boundaries
• An understanding of organizational mission, values, and goals and consistent application of this knowledge
• Ability to see ‘ambiguity’ as an opportunity as opposed to a hurdle, thrive on challenging yourself to push beyond conventional thinking.
• Excellent prioritization capabilities, with an aptitude for breaking down work into manageable parts, effectively assessing the priority and time required to complete each part
• An ability to work on several tasks simultaneously and pay attention to sources of information from inside and outside one’s network within an organization
• Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
WORK ENVIRONMENT/OTHER INFORMATION (Travel required, physical requirements, on-call schedules, etc.)
• Work in clean, pleasant, and comfortable office setting
• The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Please Note: TriNet reserves the right to change or modify job duties and assignments at any time. The above job description is not all encompassing. Position functions and qualifications may vary depending on business necessity.
TriNet is an Equal Opportunity Employer and does not discriminate against applicants based on race, religion, color, disability, medical condition, legally protected genetic information, national origin, gender, sexual orientation, marital status, gender identity or expression, sex (including pregnancy, childbirth or related medical conditions), age, veteran status or other legally protected characteristics. Any applicant with a mental or physical disability who requires an accommodation during the application process should contact a company manager, a company officer or a TriNet HR representative to request such an accommodation.