More jobs:
Information Security Risk Oversight Professional
Job in
Brooklyn Park, Hennepin County, Minnesota, USA
Listed on 2026-07-13
Listing for:
Jobtailor
Full Time
position Listed on 2026-07-13
Job specializations:
-
IT/Tech
Cybersecurity, Information Security
Job Description & How to Apply Below
Responsibilities
- Provide independent oversight and credible challenge of the Information Security program across multiple security pillars, including governance, risk assessments, controls, metrics, and issue management.
- Perform risk‑based assessments of first line security practices, identifying gaps, weaknesses, thematic concerns, emerging risks, and control deficiencies.
- Develop and articulate independent risk opinions supported by sound analysis, evidence, and professional judgment.
- Evaluate alignment of first line activities with applicable laws, regulations, regulatory guidance, industry standards (e.g., NIST 800‑53, FFIEC, PCI, NIST CSF 2.0, etc), and internal policies.
- Monitor key risk indicators, security metrics, assessment results, and issue trends to identify systemic risks or areas requiring escalation.
- Escalate material risks, control weaknesses, or ineffective risk management practices through appropriate governance and reporting channels.
- Act as a subject matter expert on information security risk, providing insights and guidance to stakeholders while maintaining 2
LoD independence. - Build and maintain strong, professional relationships with first line stakeholders while confidently challenging assumptions, conclusions, and risk positions when necessary.
- Contribute to executive‑level risk reporting by clearly summarizing risk posture, trends, and areas of concern in a concise and defensible manner.
- Stay current on evolving cybersecurity threats, regulatory expectations, and industry best practices to continuously strengthen oversight effectiveness.
- Bachelor's degree, or equivalent work experience.
- Typically more than eight years of applicable experience.
- Strong foundational understanding of information security domains (e.g., vulnerability management, identity and access management, application security, cloud security, security governance, incident management).
- Demonstrated ability to perform risk assessments and oversight activities with depth, critical thinking, and professional skepticism.
- Experience operating in or with a Second Line of Defense, audit, or regulatory environment is strongly preferred.
- Proven ability to work independently and autonomously, managing priorities and delivering high‑quality work with limited direction.
- Strong written and verbal communication skills, including the ability to translate technical risk into clear, executive‑ready insights.
- Ability to engage confidently with senior stakeholders while maintaining independence, objectivity, and professionalism.
- Relevant certifications (e.g., CISSP, CISA, CRISC, CISM) are preferred but not required.
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
Search for further Jobs Here:
×