Sr Risk Assessor

Company: SPECTRUM
Location: Littleton
Posted on: January 19, 2023

Job Description:

Company Overview
Spectrum is the nation's fastest-growing mobile provider and leading internet provider. Our tech teams create, develop, and operate leading connectivity products serving nearly 100 million users and 500 million devices. We connect people to what's next.

This position is eligible to work in a hybrid work model (combination of in-office and remote days).

JOB SUMMARY
Leverage industry and deep technical expertise to assist leadership teams in effectively addressing enterprise security risks. Enhance internal audit functions to further align to organizational strategy and recommend opportunities to effectively mitigate risk. Improve business performance by increasing value and reducing costs of compliance-related activities. Apply Enterprise Risk Management concepts to help the organization identify, assess, and mitigate emerging risks. In addition, this position will coach and mentor team members and make recommendations to audits and findings and serve as escalation point in absence of leadership for team members and external department inquiries.

MAJOR DUTIES AND RESPONSIBILITIES
Actively and consistently supports all efforts to simplify and enhance the customer experience.

Conduct technical risk assessments for the enterprise to identify threats, risks, and controls through governance, compliance, identification, and validation.

Perform IT Technical audits involving internal and external audits, technology focused risk assessments, third party security assurance activities, and vendor based systems.

Conduct testing of compliance controls by reviewing documentation and evidence, performing observations, and documenting results.

Provide oversight and give recommendations on security assurance activities and programs to include governance, policy, control design, general operational effectiveness and internal controls.

Manage all project planning and execution for risk assessment processes to identify and address department/organizational risks.

Identify findings during risk assessments and make recommendations to improve security infrastructure by maintaining deep subject matter expertise of technical and operational information security, technical privacy, and/or standard industry practices.

Define the security controls and processes appropriate for department and/or organization post assessment leveraging thorough technical and operational knowledge of Information Security best practices and industry standards.

Advise on remediation of findings discovered during audits and control testing.

Provide guidance on risk assessment process and procedures, requirements, and controls to leadership teams in order to understand risk findings and implement control solutions to prevent reoccurrences.

Liaise with business groups to provide awareness for IT security services, understand key security principals to apply, and gain an understanding of their programs to provide security-related assistance where needed requiring strong business knowledge and security domain expertise.

Coach and mentor team members and make recommendations to team's audits and findings (peer review) as needed.

Maintain subject matter expertise in IT Internal Audit principles and methodologies and security services to provide education to team members, leadership teams, and external departments.

Serve as escalation point in absence of leadership for team members and external departments' inquiries.

Monitor workflow of team's engagements, audit schedule, and testing timeframes and provide recommendations to prioritize team deliverables.

Update and review department documentation, procedures and program effectiveness as needed.

Perform other duties as assigned.

REQUIRED QUALIFICATIONS
Required Skills/Abilities and Knowledge

• Ability to read, write, speak and understand English
• Advanced knowledge of control testing the following audit/assessment frameworks:
• Payment Card Industry (PCI), Sarbanes Oxley (SoX)
• Health Insurance Portability and Accountability Act (HIPAA)
• National Institute of Standards and Technology (NIST 800-53)
• Customer Proprietary Network Information (CPNI)
• Other authoritative sources related to specific business situations
• Advanced knowledge of the technical aspects of: IT Audits, IT Risk Management, Information Security and/or Technical Privacy.
• Advanced experience of audit and/or Information Security practices and frameworks for large organization.
• Advanced knowledge of Information Security strategy, organization, policy and Governance
• Knowledge in utilization of network and application security assessment tools and methodologies to manage and address security and control issues with the following technologies: UNIX, Windows Servers, databases (Oracle, SQL, DB2, etc.), mainframe, firewalls, routers, wireless environments, mobile devices, and cloud computing.
• Ability to translate technical terms to non-technical (business) colleagues and non-technical (business) terms to technical colleagues.
• Ability to be adaptable and flexible while working in a dynamic environment
• Foster and maintain relationships with key stakeholders, departmental leadership, and business partners.
• Effective verbal and written communications skillsRequired Education
  Bachelor's degree in BA or BS Management Information Systems, Computer Science, Accounting, and /or business related discipline, or equivalent work experience
  One of the following or equivalent certifications required or actively pursuing:
  Information Systems Security Professional (CISSP)
  Certified Information Security Manager (CISM)
  Certified Information Systems Auditor (CISA) certifications
  Complimentary- Certified Ethical Hacker (CEH)
  Or other related certifications
  
  Required Related Work Experience and Number of Years
  IT/IT Security and/or Corporate Risk/Audit Work experience - 6+
  IT Risk Management and/or IT Internal Audit including experience in Information Security & Technical Privacy. - 4+
  
  WORKING CONDITIONS
  Office environment ISE-1 327208BR
  
  Here, employees don't just have jobs, they build careers. That's why we believe in offering a comprehensive pay and benefits package that rewards employees for their contributions to our success, supports all aspects of their well-being, and delivers real value at every stage of life.
  
  The pay for this position has a salary range of $85,900.00 to $152,300.00. The actual salary offer will carefully consider a wide range of factors, including your skills, qualifications, experience and location. Also, certain positions are eligible for additional forms of compensation such as bonuses.

Keywords: SPECTRUM, Littleton , Sr Risk Assessor, Other , Littleton, Colorado