
Senior Information Risk Officer (IRO) in Jersey City, NJ at Verisk Analytics

Date Posted: 8/2/2018

Job Snapshot

  • Employee Type: Full-Time
  • Experience: Greater than 15 years

Job Description


 

Verisk Analytics has an amazing story to tell. In 2016, Forbes magazine named Verisk Analytics to its World’s Most Innovative Companies list and to its America’s Best Large Employers list. If you’re looking for a career that transforms, inspires, challenges, and rewards you, then come join us.

At Verisk, you can build a rewarding career with challenging and meaningful work; create a positive, lasting impact on the business; and find the support, coaching, and training you need to advance your career. Our culture of innovation means your ideas on how to improve our business will be heard. As key contributors to our success, our team members enjoy working in a business-casual, collaborative environment that offers state-of-the-art resources, advanced technologies, and an excellent benefits package.

Verisk Analytics is a leading data analytics provider serving customers in insurance, natural resources, and financial services. We’ve been delivering data, analytics, and decision support services to our customers for more than 45 years. At Verisk, you’ll be part of an organization that’s committed to serving the long-term interests of our stakeholders, including the communities where we operate.

Summary

The Risk & Compliance division of Verisk Analytics is seeking a Senior Information Risk Officer to identify, assess and establish mitigation strategies within individual businesses and across the enterprise. The successful candidate will partner and maintain strong working relationships with key constituents (i.e., regional and local IT services, global security services, business continuity, enterprise risk management, corporate audit, compliance, and GRC Systems) while driving solutions to reduce risk. This position serves as the primary liaison between enterprise risk & compliance and the designated line of business (LOB). In this role, you’ll be responsible for taking a holistic view of IT Security and compliance as it relates to the specific LOB supported. The Senior IRO will be responsible for making risk-based decisions and will be able to account for those decisions through the use of risk methodologies and deep knowledge of standards such as ISO 27001 and NIST 800-37 and 800-53.

The day to day expectations of this role are:
  • Achieve enterprise risk and compliance objectives by working with LOBs to achieve a highly focused business approach to information security and privacy risk management.
  • As directed by the SVP Risk and Compliance, you’ll have the ability to work on, or spearhead the efforts for, various additional projects including:
    • Conduct policy and standards awareness programs. Understand, communicate and educate staff regarding IS Security standards and other Enterprise standards. Identify and create Plan of Action & Mitigation for any identified control gaps associated with policies and standards.
    • Work with IT Architecture team(s) to understand and manage security components of infrastructure and applications.
    • Coordinate security compliance and internal/external audit activities.
    • Provide metrics and reports about security.
    • Participate or manage projects associated with the IT Security & Compliance domain.
    • Actively participate in the development and implementation of enterprise policies, standards and processes.
    • Determine data requirements, metrics, and reporting requirements for LOB information security and privacy risk management that provide the criteria to build use cases for eGRC automation.
    • Create an organizational commitment to Security by “Design”
  • Identify and lead the appropriate subject matter experts to participate in the identification and analysis of risk scenarios
  • Direct the completion of risk analysis sessions and risk assessment activity within the Lines of Business (LOB).
  • Support the accountable parties in determining the appropriate treatment of identified risks and identify appropriate action plans for risk remediation
  • Partner with assigned LOB risk managers to ensure alignment and support the LOB in understanding and applying the IT Process, Risk and Control (PRC) framework
  • Align IT Risk Management (ITRM) activity with the IT PRC framework
  • Direct the LOB in identifying and obtaining the data required for consolidated metrics and reporting
  • Train the LOB end users to understand the risk management tool and how to leverage its capabilities and support awareness across ITRM principles, concepts and methodologies
  • Facilitate the communication, education and awareness of key IT Risk Management initiatives and coordinate feedback to be provided back to IT Risk Management
  • Mentor individuals at all levels and throughout the LOBs regarding risk management, including the following activities: Categorize, Select, Implement, Assess, Authorize & Monitor
  • Other duties as assigned

The successful candidate will have:
  • B.S. in IT related discipline or similar degree preferable.
  • Advanced knowledge and work experience in Risk Management or related fields such as Audit, IT Security, or Business Continuity (other IT disciplines are also eligible), typically 5 - 7 years, combined with 2 - 3 years of IT experience, preferably in IS Security/Information Risk Management.
  • CISSP, Certified in Risk and Information Systems Control (CRISC) designation preferred or attained within 2 years
  • Technical knowledge to understand detailed issues around business continuity, security, and overall risk in IT. Enough expertise to drive a solution and solve issues, addressing risk.
  • Strong communication skills are required to work across the organization and several corporate functions.
  • Ability to frame risk issues in a risk business case / terms, to help prioritize projects and value.
     

We offer an excellent compensation package. Our benefits package is competitive and includes full healthcare options, a 401(k) plan, and a generous paid time off program.

 

Verisk Analytics is an Equal Opportunity Employer

http://www.verisk.com/careers.html

 

  
