Security Risk Consultant

Responsibilities:

• Works on the findings/matters requiring attention (MRA) from external or internal regulators, liaising with other business units such Audit, Legal, Regulators, and industry partners.
• Conducts/drives projects in Security Risk & Compliance including but not limited to Security strategy, capability maturity assessments, technical security reviews, ISO/NIST readiness assessments, and audits.
• Supports Security Policy & Standard development and other relevant documentation.
• Assists in planning client deliverables and execution of fieldwork, including preparation for meetings and regulatory requests and updates.
• Assists in managing and coordinating activities with the audit team such as reviewing, analyzing reports, identifying opportunities for remediation, improvement as well as maintaining documentation for each audit.
• Supports the team in reporting calls with the client, ad hoc reviews/deep dives, risk assessments or other internal investigations, collation of risk data and other data reporting/ metrics to senior management and relevant governance forums as required.
• Ensures the timeliness and accuracy in handling of MRAs or assessments, including data requests and responses to exam findings.
• Works closely with relevant subject matter experts and stakeholders to draft and prepare responses to regulatory requests.
• Contributes to business development activities and supports wider Security Practice

• 4-6 years of related experience in IT or Information Security audit, internal controls, or risk management.
• Experience in security risk assessments, testing, or auditing of cybersecurity or information security standards.
• Hands on with MS Excel or similar applications with similar capabilities
• Excellent verbal and written communication skills. Able to communicate persuasively and influence others.
• Demonstrate an understanding of business processes, internal risk management strategies, IT controls, and how they interact together.
• Strong analytical, problem-solving, communication skills and high-level attention to detail and accuracy and ability to work independently and as part of a team.

• Familiarity with Regulatory Control requirements especially around Information Security in the financial industry, General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) and frameworks including (but not limited to) NIST Special Publications and Cyber Security Framework, CIS Controls, ISO/IEC 27000 series, and OWASP Top 10.
• Experience within the Risk function in financial institutions including operational controls and procedures, risk management controls, and other internal control objectives and practices.

• The well-being of WWT employees is essential. So, when it comes to our benefits package, WWT has one of the best. We offer the following benefits to all full-time employees:
• Health and Wellbeing: Health, Dental, and Vision Care, Employee Assistance Program, Wellness program
• Financial Benefits: Competitive pay, Profit Sharing, Life and Disability Insurance, Tuition Reimbursement
• Paid Time Off: PTO & Holidays, Parental Leave, Sick Leave, Bereavement
• Additional Perks: Nursing Mothers Benefits, Employee Discount Program and more!