Director of IT Security and Risk
CEB (NYSE: CEB) is the leading member-based advisory company. By combining the best practices of thousands of member companies with our advanced research methodologies and human capital analytics, we equip senior leaders and their teams with insight and actionable solutions to transform operations. This distinctive approach, pioneered by CEB, enables executives to harness peer perspectives and tap into breakthrough innovation without costly consulting or reinvention. The CEB member network includes more than 16,000 executives and the majority of top companies globally.
CEB’s Information Security team is seeking a Director of IT Security and Risk to perform risk assessments of IT functions and processes of the company’s Corporate IT function within its global information security program.
In part, this involves identifying, documenting, and quantifying risk scores on various assets as they relate to IT operations. Applicants for this role must possess a keen understanding of information security vulnerabilities and threats, and the ability to prioritize remediation efforts based on risk.
- Work with Information Security leads to plan, design and implement an overall risk management process for the firm
- Manage the Information Security engineering team, providing professional development, coaching, and performance management
- Manage process for assessing risk for CEB vendors, contractors, and other third-party service providers
- Respond to security questionnaires from CEB clients regarding CEB Security capabilities and risk management program. This requires understanding CEB’s security environment and risk posture
- Perform risk assessments, which involve analyzing risks as well as identifying, describing and estimating the risks affecting the business
- Implement risk evaluation, which involves comparing estimated risks with criteria established by the firm such as costs, legal requirements and environmental factors, and evaluate CEB’s previous handling of risks
- Produce and tailor risk reports for use with different audiences
- Provide support, education and training to staff to build risk awareness within the firm
- Identify process improvements to meet an acceptable risk profile, communicating and collaborating with appropriate teams to get initiatives prioritized and scheduled
- Lead IT Risk audits of data products across the firm to ensure member and client data is kept secure
- Functional knowledge of security information and management products; investigatory procedures; and event documentation/tracking.
- Minimum of 5 years of formal risk management demonstrating progressive responsibility for managing Risk Portfolios for large complex projects or domains in a cross-functional environment.
- Experience with formal risk management procedures, policies and reporting.
- Excellent written and verbal communication and presentation skills with technical and non-technical team members.
- Proven documentation skills including proficiency with the documentation and documentation maintenance for process work flow diagrams.
- Demonstrated ability to influence cross-functional working teams in a matrixed environment by serving as a trusted advisor and domain expert.
- SANS GIAC, CISSP, CISA, or other Risk Management certifications are required.
- Familiarity with relevant SOX, COBIT and/or ISO standards related to data security/IT operations and business continuity is a plus.
- Strong teamwork and staff management skills to maintain strong working relationships within and outside Corporate IT, to develop a results-oriented work environment.
- Must be highly self-reliant, motivated and able to take ownership of tasks through completion.
- Must be process oriented and a person with strong analytical skills.
- Strong work ethic and interpersonal skills.
- BA/BS required.
- Ability to travel domestically and internationally (travel is less than 10% of the role). Must have valid passport and no international travel restrictions.
Compensation and Benefits Package
- Competitive base salary and bonus potential
- Full benefit package including medical, dental, vision, 401K, paid time off (PTO), employee stock purchase plan, flexible spending, and tuition assistance
For more information on other exciting opportunities, please visit our Careers page.
CEB is an Equal Opportunity Employer.