at AlixPartners in Chicago, Illinois, United States
At AlixPartners, we solve the most complex and critical challenges by moving quickly from analysis to action when it really matters; creating value that has a lasting impact on companies, their people, and the communities they serve. By understanding, respecting, and honoring the needs of our employees, clients, and communities, AlixPartners actively promotes an inclusive environment. We strongly believe in the value that diversity brings to our experiences and are committed to the perpetual enhancements of initiatives, policies, and practices. We hold ourselves accountable by providing the space for authenticity, growth, and equity for everyone.
AlixPartners has embraced a hybrid work model to provide flexibility and support our employees' work-life integration. Our hybrid model combines in-person work at an AlixPartners office (Tuesday, Wednesday, & Thursday) with remote working options for Monday and Friday.
What you'll do:
As a member of the Information Security team, the IS GRC Lead will lead the design and operations of the Information Security risk management program. The IS GRC Lead will provide technical expertise by identifying new and emerging threats for inclusion in the risk register, analyzing risk, and managing the platform(s) used to conduct and report on the results of risk assessments. This person will consult and interface with IT senior leadership, IT staff, and non-IT departments to conduct risk analysis and to make recommendations on how to reduce overall risk.
The Information Security Governance, Risk, & Compliance Lead is a full-time position located in Southfield, MI, Chicago, IL, or Dallas, TX reporting to the Information Security Governance, Risk, & Compliance Director. Paid relocation is not available.
Security Risk Management
Create and maintain a 3-year strategic roadmap to continue to mature the Risk Management program
Conduct an annual Risk Management maturity assessment
Lead IT senior leadership in the completion of the annual risk assessment required to support client and compliance audits and periodic risk assessments as determined
Manage the review and analysis of the risk register in ServiceNow
Identify threats and business activities that introduce risk to the company
Conduct quantitative and qualitative risk assessments
Produce reports and metrics that support the analysis from the risk assessment and be able to articulate the findings to both technical and non-technical audiences and collaborate with risk owners on risk treatment strategies
Manage and oversee the vendor risk management processes
Manage and ensure security assessments are conducted to reduce risk for various projects within the organization
Manage the review of issues and policy exceptions to ensure risk is being managed appropriately
Author and update policies, standards, and procedures that are related to security risk management
Lead cross training activities with IS GRC team to ensure backup support is available
Stay current on security industry trends, new threats and attack techniques, mitigation techniques, and emerging security technologies
Keep abreast of the latest information security and privacy laws and regulations; ensure compliance both with internal security policies and applicable laws and regulations
Measure and report metrics to IS GRC Director and CISO
Improve security efficiency, streamline, and automate work processes while working collaboratively with other team members and IT staff to accomplish objectives
Participate, as needed, in critical incidents and implementation reviews
Additional responsibilities as identified. This description is not designed to encompass a comprehensive listing of required activities, duties, or responsibilities
What you'll need:
Bachelor's degree in Information Technology or related field recommended; relevant experience may be considered in lieu of education
Minimum seven (7) years of professional work experience
Experience within Information Security, Risk, Compliance, Audit or Information Technology
Experience with ServiceNow GRC
Experience with FAIR methodology
Certified in Factor Analysis of Information Risk (FAIR) and Certified in Risk and Information Systems Control (CRISC)...
AlixPartners is a global firm of senior business and consulting professionals that specializes in improving corporate financial and operational performance, executing corporate turnarounds and providing litigation consulting and forensic accounting services when it really matters – in urgent, high-impact situations. More information is available at www.alixpartners.com.
All qualified applicants will receive consideration for employment without regard to, among other things, race, color, religion, sex, sexual orientation, gender identity, national origin, (age), status as a protected veteran, or disability. AlixPartners is a proud Bronze award-winning Veteran Friendly Employer.