IBM Cybersecurity Operational Risk Analyst - IBM CISO in Minneapolis, Minnesota
Position must be based at either Armonk, NY, Raleigh, NC or Herndon, VA offices.
This role is for Cyber Risk Team in IBM CISO organization which is globally responsible for managing cybersecurity risks, establishing risk management roles and responsibilities and implementing organization-wide risk management strategy.
Candidate will be responsible for enhancing the effectiveness of operational security risk management across the organization. The candidate will deploy and manage IBM’s agile security risk management framework to Business Unit Information Security Officer (BISO), senior executives, security teams, developers, architects and other asset owners in the Business Units and ensure the framework is used to consistently identify and assess cybersecurity risks they encounter in day-to-day operation. The candidate will develop and implement education programs to increase the risk awareness amongst asset owners and Business unit teams. Candidate will monitor operational security risks for suspicious patterns and work with the respective BISOs to investigate and mitigate the risk. The candidate will develop and implement security metrics to maintain operational risks at an acceptable tolerance level.
Serve as cybersecurity risk advisor for agile security risk management framework
Liaison with Business Unit teams to identify, document, assess and mitigate cybersecurity risks
Educate business unit teams on identifying cybersecurity risks in day-to-day operations
Familiarize with organization’s agile security risk management framework and use the framework to manage operational security risks
Should have capability to develop an understanding of organization’s business operations and related security requirements, challenges and concerns.
Analyze operational risk data and provide meaningful insight for the management
Be knowledgeable about current security threats, events and breaches in the industry
Broad knowledge and understanding of various security domains, including cloud security, IoT, application security or Blockchain and emerging threats, vulnerabilities and attack methods
Analytical skills to correlate operational risk data and identify critical risk/ issue patterns
Ability to clearly articulate security risks and exposures to BISOs, BU security teams and asset owners and coordinate mitigation activities
Strong knowledge of cybersecurity industry standards, laws and regulations such as ISO 27001, NIST, COBIT, etc.
Ability to collaborate with numerous and diverse stakeholders in cross-geo locations working in different time zones
Required Technical and Professional Expertise
Minimum 8 years of experience in cybersecurity field and at least 2 years of experience in Cloud or IoT architecture or application security or Blockchain
Experience conducting risk assessment for complex cloud environments, DevOps environments, or IoT devices.
Experience implementing risk management frameworks or conducting risk assessments, security audits, ISO 27001 certification.
Good program and project management skills and technology expertise
Strong analytical & communication skills required
Preferred Tech and Prof Experience
Experience working with Big data and analysis tools
Professional certification such as CISSP, CISA
Broad domain knowledge on agile development methodologies
IBM is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.