Cybersecurity Risk Management Program Lead at Kforce Inc.
Rocklin, CA 95765
About the Job
- Security Risk Management Program Lead will improve and maintain the company's comprehensive cybersecurity risk management program
- Ensure alignment of the program with industry standards and regulatory requirements (e.g., NIST Cybersecurity Framework, NIST 800-53, GDPR, etc.)
- Conduct regular cybersecurity risk assessments on technology environments to identify potential threats and vulnerabilities
- Employ threat modeling techniques to determine risk exposure
- Develop risk mitigation strategies and oversee their implementation
- Monitor and report on the effectiveness of risk mitigation measures and make necessary adjustments
- Provide guidance on policies, procedures, and standards to manage cybersecurity risks and promote their sound implementation throughout the organization
- Utilize the ServiceNow Integrated Risk Management (IRM) tool to track, manage, and report on risks
- Serve as the primary point of contact for cybersecurity risk issues and queries
- Build and maintain strong professional relationships and partnerships with key business teams
- Collaborate with various departments to ensure cybersecurity risk management practices are integrated into all business processes
- Liaise with external stakeholders, including auditors and regulatory bodies, to ensure compliance and address concerns
- As a Security Risk Management Program Lead, you will develop cybersecurity risk management training materials for employees
- Communicate risk management strategies and policies to all levels of the organization
- Prepare and present regular reports on the status of the cybersecurity risk management program to senior management and the board of directors
Requirements:
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field, or equivalent experience
- Minimum of 7-10 years of experience in cybersecurity, with at least 5 years in a risk management role
- Proven experience in leading cybersecurity risk management programs
- In-depth knowledge of risk assessment and risk analysis
- Experience in the retail industry a plus
- Experience in a leadership role within a medium to large organization
- Understand information security holistically and how it relates to business goals
- Excellent written, oral, and interpersonal communication skills with proven ability to champion causes with positive impact and change
- Strong analytical skills
- Extensive knowledge and experience with information security standards and methodologies, including NIST 800-53, NIST CSF, PCI DSS, ISO 9000 series, COBIT, Sarbanes-Oxley, HIPAA, and other relevant industry security standards
- CISSP, CISM, CRISC or similar certification (e.g., GIAC Certified ISO-17799 Specialist (G7799))
- Privacy Certification (e.g., Certified Information Privacy Professional)
- Experience interfacing with and communicating information on complex privacy and security compliance issues to senior management and business units and external parties
- Experience with the ServiceNow Integrated Risk Management (IRM) tool
- Experienced in reviewing contracts for security risks and negotiating security terms with third parties
- Strong background in cybersecurity, risk management, and regulatory compliance
- Experience in the retail industry
- In-depth knowledge of cybersecurity frameworks such as NIST CSF and/or NIST 800-53
- Proven track record of leadership, strategic planning, and project management
- Strong analytical and problem-solving skills
- Excellent communication and interpersonal skills
The pay range is the lowest to highest compensation we reasonably in good faith believe we would pay at posting for this role. We may ultimately pay more or less than this range. Employee pay is based on factors like relevant education, qualifications, certifications, experience, skills, seniority, location, performance, union contract and business needs. This range may be modified in the future.
We offer comprehensive benefits including medical/dental/vision insurance, HSA, FSA, 401(k), and life, disability & ADD insurance to eligible employees. Salaried personnel receive paid time off. Hourly employees are not eligible for paid time off unless required by law. Hourly employees on a Service Contract Act project are eligible for paid sick leave.
Note: Pay is not considered compensation until it is earned, vested and determinable. The amount and availability of any compensation remains in Kforce's sole discretion unless and until paid and may be modified in its discretion consistent with the law.
This job is not eligible for bonuses, incentives or commissions.
Kforce is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.