Jump to content

Position:  Information Security Risk Manager
Location:  Milpitas, CA
Job Id:  5614
# of Openings:   1

Organization: Information Security Risk Management
Title: Information Security Risk Manager
Location: FireEye Corporate Headquarters, Milpitas, CA
 
Job Description: 
 
Come join the FireEye team protecting FireEye! With a unique responsibility as a security team protecting a forward-thinking next generation security company, joining the FireEye Information Security and Risk Management (IS&RM) team is truly an exciting career opportunity. This is a growing team led by a Chief Information Security Officer in the Information Systems and Services organization. The IS&RM organization is focused on protecting the company, protecting the customers, and advancing the industry as we deal with a very dynamic and evolving threat landscape.
 
Responsibilities: 
 
IS&RM is building a management team and is seeking a Manager to lead the Information Risk Management function, reporting to the Chief Information Security Officer. This management level role is accountable for leading and developing a team of information security professionals to execute and deliver the following capabilities: risk assessment and analysis, vendor management & review, product release assessments, IT system security assessments, remediation prioritization, security policy development, security awareness, security audit, certification, and compliance management, and customer contract review. This role will also help influence and drive the overall enterprise information security strategy. This role develops and implements an overall enterprise risk dashboard that provides rollup transparency of information security risks across all lines of business. The role is responsible for working collaboratively to communicate and help establish risk tolerance levels in each business area. This role works closely with the ISS Infrastructure and Operations team as well as the IS&RM Manager of Global Situational Awareness to translate vulnerabilities and communicate the risk tradeoffs in alignment with business objectives and risk tolerance. This role is also the operational arm of the enterprise security governance bodies and prepares content for both executive and sub-committee meetings and is responsible for running and delivering content to the sub-committee meetings. 
 
The ideal candidate has a proven history in risk management and policy and is adept at successfully leading enterprise-wide efforts managing a blend of technical and non-technical staff. Ideal candidate is able to demonstrate some level of technical depth in the information security domain. Ideal candidate is output driven and able to leverage multiple forms of communication to articulate complex concepts with proficiency to both technical contributors and executive management.
 
Skills and Qualifications:
 
A bachelor’s in computer science (or equivalent) degree is required with 10-15 years of documented information security work experience and 5 years minimum of management experience. Master’s degree or equivalent experience preferred. Certifications such as CISSP, ISSAP, CRISC, and SANS preferred.
 
Candidate must also possess proficiency one or more of the following skills:
 
  • Leadership and management of an enterprise security role.
  • Operational risk management including both experience in qualitative and quantitative risk management.
  • Familiarity with enterprise GRC technologies and processes.
  • Management and execution of IT risk assessment and compliance audits.
  • In-depth experience with security, audit and compliance frameworks SOX, ISO, NIST, SSAE16, etc.
  • Clear visualization and articulation of risk option and tradeoff scenarios.
  • Development of detailed risk documentation for executive management.
  • Candidate must possess excellent written visualization and verbal communication skills.
 
*LI-DB1


arrowimage Back To Jobs