Information Security Risk Specialist

Job Expired

JOB DESCRIPTION

Under the direction of the Cyber Security & Assurance (CS&A) team, the Information Security Risk Specialist role will partner with Digital Technology Services (DTS) and business teams to assess risk and validate that the appropriate controls are in place for information systems and that they are working effectively and efficiently. The role also has responsibility for developing, maintaining, and monitoring security documentation such as policies, standards, and procedures. It is critical that this role can communicate technical concepts in a way that is easily understood, as well as be able to effectively assess and communicate business risk and the cost/benefit of implementing compliance solutions.

Successful candidates possess detailed knowledge of risk assessment methodology, control requirements, and evaluation techniques. Work involves coordinating and performing risk assessments to evaluate compliance with relevant internal control requirements and external standards and regulations. Additionally, as the expert in risk and controls, this person will provide consulting services and education to the organization’s management and staff.

Specific Responsibilities:

  • Oversees the planning, execution, and management of multi-faceted projects related to compliance, control assurance, risk management, security, and infrastructure/information asset protection.
  • Provides strategic and tactical direction and consultation on information security and compliance.
  • Maintains an up-to-date understanding of industry best practices.
  • Ensures policies, procedures, standards, and system configurations are documented and tracked, and monitors compliance with each.
  • Develops processes and procedures for the information security governance program, including control document reviews, participant assessment preparation, meeting coordination, assessment finding mediation, assisting control owners with remediation plan development, tracking findings through remediation, progress monitoring, reporting, and escalation.
  • Facilitates information security risk analysis and risk management processes to identify acceptable levels of residual risk.
  • Monitors risk mitigation and coordinates policy and controls to ensure that other managers are taking effective remediation steps.
  • Participates in the development and maintenance of a global risk framework (a single view of the company’s risk profiles and tolerance.)
  • Captures, maintains, and monitors information security risk in one repository.
  • Provides reports to leaders regarding the effectiveness of information security and makes recommendations for the adoption of new policies and procedures.
  • Coordinates all IT internal and external assessment components.
  • Ensures recovery drills are performed.
  • Analyzes recovery drills performance and recommends changes to plan, as needed.
  • Acts as liaison between internal audit and IT to ensure commitments are met and controls are properly implemented.
  • Assists in the development and delivery of IT risk & security awareness and compliance training programs.
  • Monitors internal and external policy compliance, ensuring both vendors and employees understand cybersecurity risk management policies and operate within that framework.

Basic Qualifications:

  • Bachelor’s Degree and/or 8+ years professional experience with 3+ years IT audit/compliance experience. (Big Four audit experience strongly preferred.)
  • 5+ years’ experience in conducting risk assessments.
  • Proven understanding of risk assessment methodologies, frameworks, and procedures such as the NIST Cybersecurity Framework, NIST SP 800-53, COBIT, and ISO 27001.
  • Experience in data protection security and its functional components.
  • Strong written and oral communication skills.
  • Ability to effectively interact globally with all areas and levels of the organization, such as legal, marketing, and business operations.
  • Knowledge of the security domains of security engineering, IAM, asset/network/data security, software development, assessment, testing, and operations.
  • Familiarity with defining cybersecurity policies.
  • Ability to work in a virtual, remote team, cultures, and time zones, as well as with those outside the K-C organization including suppliers, partners and customers.
  • Knowledge of information systems terminology, concepts, and practices.
  • Broad range of business and IT experiences.
  • Works with minimal supervision and able to drive results in a matrixed organization.
  • Expertise with a demonstrated track record in reviewing the effectiveness of controls over key IT risks, identifying significant exposures, and evaluating control effectiveness.
  • Ability to influence at multiple organizational levels without direct authority.
  • Success in collaborating and organizing across organizational and cultural boundaries along with skill in negotiating issues and resolving problems.
  • Skill in collecting and analyzing complex data, evaluating information and systems, and drawing logical conclusions.
  • Effectively communicates risk and control issues to all levels of the organization.
  • Verbal and written fluency in English is mandatory.

Accentuators:

  • ISACA certification such as CISA, CISM, or CRISC.
  • Certified Information Systems Security Professional (CISSP).
  • Data protection/privacy (e.g., GDPR, CCPA) knowledge.
  • Experience in: project management, functional team leadership, remote teams, matrix organizations, Enterprise Governance Risk & Compliance (eGRC), the FAIR (Factor Analysis of Information Risk) framework, and vendor risk assessments.

Kimberly-Clark and its well-known global brands are an indispensable part of life for people in more than 150 countries. Every day, 1.3 billion people – nearly a quarter of the world’s population – trust K-C brands and the solutions they provide to enhance their health, hygiene, and well-being. With brands such as Kleenex, Scott, Huggies, Pull-Ups, Kotex, and Depend, Kimberly-Clark holds No.1 or No. 2 share positions in more than 80 countries. With a 135-year history of innovation, we believe in recruiting the best people and putting them in the right jobs so that they can do their best work. If fresh thinking and a passion to win inspire you, come Unleash Your Power at Kimberly-Clark.

Kimberly-Clark is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, sexual orientation, gender identity or any other characteristic protected by law.

The statements above are intended to describe the general nature and level of work performed by employees assigned to this classification. Statements are not intended to be construed as an exhaustive list of all duties, responsibilities and skills required for this position.

K-C requires that an employee have authorization to work in the country in which the role is based. In the event an applicant does not have current work authorization, K-C will determine, in its sole discretion, whether to sponsor an individual for work authorization. However, based on immigration requirements, not all roles are suitable for sponsorship. This position is subject to drug and alcohol testing, including pre-employment testing.

#Remote

Global VISA and Relocation Specifications

PRIMARY LOCATION

USA-GA-Atlanta-Roswell

ADDITIONAL LOCATION

USA-IL-Chicago-Flexible Location;USA-TX-Dallas;USA-WI-Neenah

WORKER TYPE

Employee

WORKER SUB-TYPE

Regular

TIME TYPE

Full time

Job #: 833716
