Job Details

Risk Manager (CORPORATION)

Cambridge, MA, United States
  • Employment Type: Direct Hire

Our client, a Fortune 500 company, is seeking a Risk Manager to join their Privacy, Risk and Governance team in Cambridge, MA. The Risk Manager will assist in establishing and maintaining the overall IT/cyber risk management program and contribute to identifying, evaluating and reporting on information security risks. This position will focus on cross-functional collaboration executing information security and risk management projects with personnel from the IT organization and other internal departments and organizations. Candidates must have experience in conducting vendor or other risk assessments and developing appropriate mitigation solutions. Excellent written and verbal communication skills, including the ability to effectively communicate security- and risk-related concepts to technical and nontechnical audiences, are required. Industry certifications relating to security and risk management such as CRMA, CISA or CISSP are preferred. Resumes to [email protected]


This Risk Manager will assist the Risk Management Lead in establishing and maintaining the client’s overall IT/cyber risk management program, which is designed to ensure that the company’s systems and information assets are adequately protected. The individual in this position contributes to identifying, evaluating and reporting on information security risks in a manner that meets the client’s regulatory and other compliance requirements.


The Risk Manager works proactively with the various business units and other internal departments and organizations to implement practices that meet our client's defined policies and standards for information risk management. The risk management function is part of the Privacy, Risk and Governance team.


Effective risk management requires a comprehensive and performance-based approach that aligns levels of protection with business needs. For this reason, the Risk Manager must be much more than simply a technology and controls expert; he/she must also possess appropriate management and communications skills and extensive business knowledge.


Key Responsibilities:

  • Acts as subject matter expert on cyber, IT and vendor risk
  • Analyzes risks and tracks them via the risk register
  • Conducts assessments, monitoring and reporting on Vendor Information risks
  • Conducts other risk assessments on assets, functions or programs as needed; synthesizes analysis and findings for review with stakeholders
  • Supports the Risk Lead in developing and implementing effective IT risk management practices
  • Executes information security and risk management projects with personnel from the IT organization, lines of business, and other internal departments and organizations as appropriate
  • Compiles reporting and metrics on risk and risk management activities as requested
  • Assists in training and awareness on risk and risk management activities

Qualifications: 

  • Demonstrated ability delivering results
  • Knowledge of common risk management methodologies — for example, FAIR, Control Objectives for Information and Related Technology and Committee of Sponsoring Organizations Enterprise Risk Management
  • Experience in conducting vendor and other risk assessments and developing appropriate mitigation solutions
  • Excellent organizational skills
  • Technical aptitude and understanding of IT systems and their connection to data collection and processing
  • Keenly developed business partnering and collaboration skills, adept at establishing and sustaining effective working relationships, both within and between departments
  • Ability to operate effectively in a matrixed environment; building and managing peer and management-level relationships through achievement of results, accountable to schedule, and allocation of resources and meeting customer needs
  • Solution and results oriented
  • Excellent people skills, a team player, strong interpersonal and collaborative skills
  • Excellent written and verbal communication skills, including the ability to effectively communicate security- and risk-related concepts to technical and nontechnical audiences
  • Project management skills with the ability to keep multiple projects moving forward simultaneously
  • High level of personal integrity, with the ability to handle confidential and otherwise sensitive matters professionally and with the appropriate level of judgment and maturity
  • High degree of initiative, dependability and ability to work with little supervision
  • Experience in risk management or 6-8 years in a related discipline (for example, security, privacy, business continuity management, audit or compliance)
  • Experience working in the pharmaceutical or biotechnology industry preferred
  • Industry certifications relating to security and risk management are desired (for example, Certification in Risk Management Assurance [CRMA], Certified Information Systems Auditor [CISA], Certified Information Systems Security Professional [CISSP])
  • A bachelor's degree is strongly preferred at minimum; candidates with equivalent and relevant industry experience will also be considered
     
