Senior Technology Risk Manager (Information Security / Cybersecurity)

Blackrock, Inc. Atlanta, GA 30301

Posted 2 months ago

Description

About this role

Job Purpose/Background:

BlackRock is one of the world's preeminent asset management firms and a leading provider of investment management, risk management, and advisory services to diverse investors globally. BlackRock offers our clients a range of solutions, from thorough fundamental and quantitative active management strategies to highly efficient index strategies for broad exposure to the world's capital markets. Our clients access our investment solutions through a variety of products, including individual and institutional separate accounts, mutual funds, other pooled investment vehicles, and the industry-leading iShares ETFs.

Understanding and leading risk is the cornerstone of BlackRock's approach to responsible investing. Our Risk and Quantitative Analysis (RQA) group promotes BlackRock as a leader in risk management by providing independent top-down and bottom-up oversight to help identify investment, counterparty, operational, model, regulatory, technology, and third-party risks.

Technology Risk Management (TRM) is a key part of the RQA Enterprise Risk Management group. As a second line of defense function, our mission is to help ensure senior management has defined technology controls that protect our clients, our firm and support the achievement of firm-wide business goals within our risk tolerance. TRM partners with senior management, Aladdin Product Group and Technology leadership, Information Security, Operational Risk and other control functions to achieve this mission.

The ideal candidate for this position must be a multifaceted, flexible and creative leader, with experience in technology and enterprise risk management and financial services. The candidate must have strong presentation, communication and project management skills in order to successfully navigate across different levels of the BlackRock and client organizations. The candidate must also be able to work cross functionally across enterprise risk subject areas.

Responsibilities:

  • Lead and support periodic and thematic risk assessments to execute continuous control monitoring; detail potential control gaps and questions, conduct business engagement meetings and follow-ups throughout the year.

  • Focus on Information Security governance, risk and compliance matters, responsible for the identification, assessment and management of information security risks globally across all information security domains. Provide cyber security technical advisory services regarding industry and leading practices, relevant critical initiatives, and emerging technologies and trends.

  • Support corporate enterprise risk initiatives and processes that have a technology component, as well as act as a single point of contact for all enterprise management matters for the assigned business relationships.

  • Oversee risk remediation efforts for risk and control issues and support issue closure or risk acceptances, as needed.

  • Drive issues and actions resulting from internal audit, regulatory reviews and external audits to completion; work with action owners to gather and evaluate appropriateness of evidence.

  • Work closely with regional compliance teams to prepare for regulatory requests, representing TRM as necessary in face-to-face meetings in conjunction with other partners.

  • Challenge the design of global technology metrics, perform data and trend analysis, and produce monthly KRI and KPI metric reports.

  • Build and maintain relationships globally across the firm including Technology Management, Information Security, Third-Party Risk, Enterprise Risk and Internal Audit. Be a risk champion within the wider BlackRock business.

  • Stay updated on global technology related regulations, industry standards, and other guidance related to Technology Resilience, Cyber Security and Technology Vendor Risk.

  • Partner with BlackRock software development and technology teams to help them identify, understand and mitigate technology control risks through control education, review of metrics, and completion of self-assessments.

  • Successfully work cross functionally across other enterprise risk management subject areas (i.e. operational risk, model risk).

Requirements:

  • 6+ years of experience working in a Technology Risk, IT Audit, Information Security or related field (financial services industry experience preferred)

  • Demonstrated experience in industry leading practices and control frameworks, such as COBIT, NIST CSF, ISO 27001 as well as regulatory requirements, such as GDPR, GLBA and CCPA.

  • Have an established understanding of software design, distributed systems, SDLC, and/or technology operations (hands-on experience preferred)

  • Demonstrable ability to analyze and monitor risk control issues through to resolution

  • Project management, relationship-building, analytical and organizational skills

  • Effective communicator

  • Has the capacity to multitask and complete difficult assignments within deadlines and with short lead times

  • Proven ability to build and maintain effective working collaborations across teams and regional locations

  • Strong Microsoft Office skills (including Microsoft Excel, PowerPoint, and Word) as well as familiarity with GRC tools.

  • Experience with Tableau preferred.

  • Bachelor's degree required

Our benefits

To help you stay energized, engaged and inspired, we offer a wide range of benefits including a strong retirement plan, tuition reimbursement, comprehensive healthcare, support for working parents and Flexible Time Off (FTO) so you can relax, recharge and be there for the people you care about.

About BlackRock

BlackRock's purpose is to help more and more people experience financial well-being. As a fiduciary to investors and a leading provider of financial technology, our clients turn to us for the solutions they need when planning for their most important goals. As of June 30, 2020, the firm managed approximately $7.32 trillion in assets on behalf of investors worldwide.

For additional information on BlackRock, please visit www.blackrock.com/corporate | Twitter: @blackrock | Blog: www.blackrockblog.com | LinkedIn: www.linkedin.com/company/blackrock

BlackRock is proud to be an Equal Opportunity and Affirmative Action Employer. We evaluate qualified applicants without regard to race, color, national origin, religion, sex, sexual orientation, gender identity, disability, protected veteran status, and other statuses protected by law.

BlackRock will consider for employment qualified applicants with arrest or conviction records in a manner consistent with the requirements of the law, including any applicable fair chance law.


Similar Jobs

Information Security Manager

Realty Income Corporation

Posted 2 weeks ago

Realty Income, The Monthly Dividend Company®, is one of four San Diego based S&P 500 companies dedicated to providing shareholders with dependable monthly income. Our company is structured as a REIT, and its monthly dividends are supported by the cash flow from over 6,000 real estate properties owned under long-term lease agreements with regional and national commercial tenants. To date, our company has declared over 600 consecutive common stock monthly dividends throughout its 50-year operating history and has continually increased the dividend since Realty Income's public listing in 1994 (NYSE: O).

Our company attracts individuals who value integrity, perseverance, and teamwork. If you appreciate working in a professional environment that rewards employees based on merit and values a work-life balance, make sure to apply today!

As Realty Income's Information Security Manager, you will be responsible for the development and management of Realty Income's cyber security program(s) to ensure company and employee data is protected from breach and malicious activity. Reporting to the Vice President, Information Technology, you will ensure that the security program is operating efficiently, and that security controls are designed using industry best practices and standards.

Your Contribution to the Team Includes

Information Security Program Management

  • Ensure the information security program is operating effectively and efficiently.

  • Enhance existing security processes and procedures and implement security controls and policies that align with NIST and FFIEC cybersecurity frameworks.

  • Periodically perform cybersecurity risk assessments and design controls and policies to address new and changing areas of risk.

  • Maintain and create cybersecurity policies, standards, procedures, and guidelines.

  • Create comprehensive dashboards and reports for company leadership.

Security Operations

  • Work with IT team members to design and implement new security controls, processes, and procedures.

  • Review and configure all security platforms to produce high-quality and actionable security alerting.

  • Work with IT team members to make system hardening recommendations.

  • Work with IT team members to ensure essential security and operational logging is being collected, analyzed, and relevant security alerts are being generated.

  • Work with IT team members to respond to and prioritize security alerts or notifications.

  • Perform periodic technology inventory and asset risk classification review. This review consists of hardware assets, mobile assets, applications, data, and user accounts.

  • Review all new software and technology decisions to understand the impact to security, and make recommendations on how to address any security related issues.

Cybersecurity Awareness Program and Security Testing

  • Manage the internal cybersecurity awareness program (KnowBe4).

  • Provide periodic cybersecurity training and information to employees.

  • Perform quarterly phishing test (KnowBe4).

  • Work with 3rd party security vendors for penetration testing and other security assessments.

Security Incident Response

  • Respond to security alerts generated from internal systems.

  • Respond to internal employee or vendor security notifications.

  • Participate in Incident Response testing, planning and execution.

Vulnerability Management Program

  • Manage and administer the company vulnerability management program and platform(s).

  • Ensure all Realty Income IT assets are scanned for software and operating system vulnerabilities.

  • Ensure any custom developed application source code is scanned for vulnerabilities.

  • Ensure discovered vulnerabilities are being prioritized and vulnerability remediation activities are occurring within the timelines documented in the company vulnerability management policy.

Requirements

What You'll Need to be Successful

  • Bachelor's Degree from a four-year college or university in Computer Science / Information Technology; or eight years related experience and/or training; or equivalent combination of education and experience.

  • CISSP (Certified Information Systems Security Professional) Certification

  • More than 3 years' experience in an Information Security role.

  • At least 3 years' experience in a technical IT role (System Administration/Network Administration/DevOps).

  • Critical thinker and problem solver with the ability to make decisions and effect change throughout the organization.

  • Strong, experienced leader and consensus builder with excellent verbal and written communications skills.

  • Strong organizational, interpersonal, and administrative skills with a high degree of professionalism.

  • Excellent negotiator with the ability to work in a team environment.

  • Excellent analytical and problem-solving abilities.

  • Solid technical background with an ability to give instructions to a non-technical audience.

  • Extensive experience writing and implementing formal security policies and procedures.

  • Experience working with and securing Microsoft Windows operating systems, Microsoft Office 365, Azure AD and Microsoft Active Directory.

  • Strong networking skills (TCP/IP).

  • Experience with common industry SIEM platforms.

  • Experience with common industry vulnerability management platforms.

  • Knowledgeable about Data Loss Prevention (DLP) concepts and techniques.

  • Programming and application development experience is preferred.

  • Knowledgeable about cybersecurity frameworks (NIST, FFIEC).

In response to COVID-19, Realty Income has maintained our business operations and has open opportunities, yet has made necessary adjustments to our hiring process. We are conducting all steps of the interview process in a virtual capacity. In response to California's Stay at Home order and other states with similar provisions, our employees will continue to work remotely until these restrictions have been lifted and it is safe to work in an office again. Realty Income has endeavored to be adaptable and strategic in our capacity to maneuver in an unfamiliar situation, and we pride ourselves on our resilience. We immensely appreciate both your flexibility and consideration of Realty Income for employment.

To all recruitment agencies: Realty Income does not accept unsolicited agency resumes. Please do not forward resumes to our jobs alias, Realty Income employees, or any company location. Realty Income is not responsible for any fees related to unsolicited resumes.

Realty Income Corporation, Atlanta, GA
