As the Technical Risk Assessor, you will work closely with our business, legal, security, and technology teams to identify, measure and report on technology risk. You will work to ensure compliance with US and International laws, rules, standards, and contractual obligations. You should be passionate about IT and the myriad of IT standards and guidelines that large successful companies should follow. If you enjoy using IT acronyms as part of your normal conversation, you may be a great candidate for this position. You will have broad latitude to work independently and coordinate and interact with a broad group of bright and energetic people throughout the company.
What You’ll Do:
- Continuously identify, assess, measure and monitor information technology risk by performing hands-on risk assessments
- Identify opportunities to reduce risk and document remediation options regarding acceptance or mitigation
- Continuously identify, assess, measure and monitor information technology risk by performing hands-on, data-driven risk assessments
- Identify opportunities for automation and integration of GRC programs, develop requirements and recommend solutions or products to meet the need
- Work with technology and business teams to develop and document risk mitigation action plans, along with recommendations to reduce information security risk within their areas
- Manage the remediation of security assessment findings and recommendations.
- Maintain an up-to-date understanding of emerging trends in information security risks; applies new techniques and trends, in-line with overall information security objectives and risk tolerance
- Test information security controls, across multiple business processes and/or locations, ensuring implementation techniques meet the intent of organizational compliance frameworks and security requirements
- Review enterprise agreements and/or contracts ensuring alignment with organizational security requirements
- Assist with enterprise vulnerability management efforts and calculate the current and residual risk
- Assist with the development of a risk metrics and reporting framework
- Assist in the development of the company's security program, policies, and standards
- Assist with the development and implementation of security awareness programs
What We’re Looking For:
- At least 2 years conducting IT risk and compliance assessments
- At least 2 years evaluating compliance with regulatory and key IT Standards such as SOC2, ISO 27001, PCI DSS, GDPR, HIPAA/HITECH, NIST, CSA/CCM and similar
- Experience working with ServiceNow or RSA Archer GRC
- Fundamental understanding of Cloud environments and DevOps security compliance
- Ability to manage multiple tasks and responsibilities, work alone or in small teams, achieve established goals and objectives, and communicate progress in a timely and meaningful manner
- Ability to understand information security and network risks, with strong technical background and knowledge of Information Technology and security, including Linux, Windows and networking environments
- Experience in internal or external audit in the IT risk and compliance space
- Excellent written and verbal communication skills; must be able to interface with all levels of the organization
- General knowledge of ServiceNow, ITIL, and asset management practices
- Self-starter with the ability to manage their own tasks into a larger project or program effort
- Current information security certifications such as CISM, CRISC, CISSP
- Experience with Tableau
- Experience with FAIR risk methodology
Who We Are:
Founded in 2000, Red Ventures is a portfolio of growing digital businesses that bring consumers and brands together through integrated e-commerce, strategic partnerships and many proprietary brands including Bankrate, AllConnect.com and Reviews.com. Headquartered south of Charlotte, NC, Red Ventures has over 3000 employees in offices across the US, as well as London and Sao Paulo. For more information, visit www.redventures.com.
At Red Ventures we believe that diversity makes us stronger - at work and in the world. Red Ventures is an equal opportunity employer that does not discriminate against any employee or applicant because of race, creed, color, religion, gender, sexual orientation, gender identity/expression, national origin, disability, age, genetic information, veteran status, marital status, pregnancy or any other basis protected by law. Employment at Red Ventures is based solely on a person's merit and qualifications.
About Red Ventures
Red Ventures is a leading digital consumer choice platform based in Charlotte, North Carolina. Through deeply integrated brand partnerships and consumer-facing assets, Red Ventures connects online customers with products and services across high-growth industries including home services, financial services, and healthcare.
Want to learn more about Red Ventures? Visit Red Ventures's website.
Innovative, fast-paced, challenging.. we're everything you want in a workplace.