The IT Risk Manager position at Symantec is part of the Corporate IT Risk & Compliance function. This role is primarily responsible for ensuring that IT risks are managed in a consistent and integrated manner across the various IT divisions. The Risk Manager will manage all aspects of IT risk within the supported IT businesses. The successful candidate will have extensive experience in IT Risk, Information Security and Cyber Security in a technology organization. The position requires the ability to conduct IT/Security risk assessments effectively and to manage multiple priorities efficiently while demonstrating excellent time management skills.
Support the 1st line of defense with the identification of new IT risks, risk analysis including rating, periodic reporting, tracking, and validation of control effectiveness, with heavy oversight of Information Technology including Information Security, Infrastructure and Cyber resiliency.
Review management action remediation plans to assess the effectiveness of the proposed remediation and the appropriateness of the timeline.
Provide input for business processes and new projects, ensuring that strategic and operational risk is assessed and considered in all projects, changes and business decisions.
Function as a Technology/Security Risk subject matter expert.
Provide oversight on external risk reviews.
Oversee remediation of deficiencies identified in monitoring reviews, self-assessments, automated assessments, and internal and external audits.
Lead the IT Policy Exception process. Assist IT leaders in understanding and implementing IT policy objectives in ways that are cost effective and aligned with business objectives.
Stay current on security industry trends, attack techniques, mitigation techniques, and security technologies by attending conferences, networking with peers, and other educational opportunities.
Mentor and train less experienced compliance champions.
Engage across the risk organization, including Internal Audit and Legal, to integrate the 2nd line of defense.
10+ years of experience in IT Risk Management and Information Security Risk.
Deeply familiar with PCI, Sarbanes-Oxley (SOX), COSO/COBIT, the NIST Cybersecurity Framework and ISO security standards.
Industry certification (e.g., CRISC, CISA, CISM).
Bachelor's degree in Information Systems, Information Technology, Computer Science, Accounting, Engineering or a related discipline (or professional experience working in Enterprise IT), or equivalent experience.
Expertise and advanced consultative skills including building collaborative relationships with all levels of our organization.
Proven experience creating, organizing, and articulating summaries of risk assessment findings/points of view that are easily understood by stakeholders.
Experience with deploying and/or managing enterprise Governance, Risk, & Compliance (GRC) technologies.
Detail-oriented, with experience in research, compilation and reporting on data.
Knowledge of regulatory requirements (e.g., SEC, PCAOB, FTC, GDPR).
Experience working effectively as a member of a cross-functional team.
Knowledge of IT infrastructure and security.
Big 4 experience highly desirable.