Information Security Risk Manager - Washington, United States - Hogan Lovells
Description
Keen to become part of a truly global, collaborative team of professionals? Your journey begins here.
The Information Security Risk Manager, under the direction of the Head of Global Information Risk, is tasked to protect information assets in support of Hogan Lovells business objective and in conformity with firm policies.
This role is a core function of the broader Information Security team and is tasked with continually improving the security posture of Hogan Lovells through providing security-related guidance, developing and assessing compliance with security policies and standards, executing the security risk management approach, and evangelizing security matters throughout the company.
The Information Security Risk Manager will manage a program to identify, classify, remediate, and mitigate security risks and vulnerabilities throughout the firm.
JOB DESCRIPTION
Continually seek to improve the firm's security risk assessment methodologyPerform risk assessments of business processes, security controls, and technology architecture based upon industry standard requirementsMature the firm's IT and Security Risk Program while enhancing underlying risk registers, security questionnaires and surveys to aid in the effective execution of risk assessmentsCommunicate and mature security metricsRecommend security controls and/or corrective actions for mitigating technical and business risksManage projects and enhance solutions that result from assessment findings and recommendationsResearch, identify, and consult with subject-matter experts to recommend risk mitigating solutionsSupport the security awareness program to improve overall security maturity across the firmManage and maintain exceptions to the firm's established policies, standards and industry normsDevelop trend reporting to identify areas of focus and risk concentrationManage and enhance the firm's security policies; andAll members of the firm are encouraged to participate in our Responsible Business program.
QUALIFICATIONS
REQUIRED SKILLS
Working knowledge of established risk and security control frameworks (NIST, ISO 27001, etc.)Ability to communicate information about the vision and direction of our information security program to firm leadership;Must be able to communicate clearly and effectively with people from all levels of the firm;Strong verbal and written communication skills, including the ability to translate risk management concepts into business language;Must be highly organized and driven, work well with others, be process- and solutions-oriented, and have an absolute commitment to excellence and integrity;Demonstrated effectiveness in listening to the business on security needs;Ability to visualize, plan, and execute on areas of process improvement that increase the efficiency and delivery of our security capabilities;Superior attention to detail, problem solving capabilities, and multitasking skills; andAble to thrive in a fast-paced, rapidly evolving environmentEDUCATION, CERTIFICATIONS, AND/OR EXPERIENCE
Five (5) to seven (7) years total experience across IT, Information Security, Risk Management, and/or Program Management domainsThree (3)+ experience in risk management and security governanceInformation Security certifications preferred (CISSP, CISA, CRISC, etc.)
HOURS
Core hours are Monday through Friday, 9:00 a.m. to 6:00 p.m. Must be flexible to work additional hours. This is a hybrid work environment, requiring 3 days in-office.
This job description sets forth the authorities and responsibilities of this position and may be changed from time to time as shall be determined.
Hogan Lovells is an Equal Opportunity Employer.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, age, national origin, disability, sexual orientation, gender identity or expression, marital status, genetic information or protected Veteran status.
#J-18808-Ljbffr