Job Description
Red Wing Shoe Company is looking for an experienced Information Security Risk Manager to join our team to manage Governance, Risk, and Compliance (GRC) activities within our Information Security Program. Reporting to the Director of Information Security, this role is focused on developing, maintaining, and managing Red Wing’s Information Security GRC processes and functions. The Information Security Risk Manager will drive information security risk identification, tracking, and remediation efforts internally and with critical third-party vendors and partners.
The Information Security Risk Manager will monitor Red Wing’s compliance with key security regulations and standards and provide risk consulting, guidance, and training to internal business and technical partners on security policies, standards, and regulations related to their business areas and projects.
ESSENTIAL DUTIES AND RESPONSIBILITIES
- Manage the information security risk management process, including identifying, assessing, mitigating, and monitoring risks.
- Oversee the PCI-DSS compliance program, ensuring payment channels remain compliant, resolving issues, and reporting annually.
- Build relationships with key business partners to address information security risks and implement effective remediation plans.
- Lead third-party and vendor risk management programs, ensuring external partner security and compliance are monitored and reported.
- Collaborate with cross-functional teams to ensure DevSecOps processes adhere to regulatory requirements, security policies, and controls.
- Develop and deliver user security awareness training and foster a strong security culture.
- Support vulnerability management, coordinating to identify, prioritize, and remediate security gaps.
- Establish and maintain security policies and standards aligned with the company’s security strategy.
- Monitor and report on the Information Security Program’s effectiveness, driving continuous improvement.
- Stay informed of industry best practices, regulatory requirements, and emerging threats to enhance the company’s security posture.
Qualifications
MINIMUM EDUCATION AND YEARS OF EXPERIENCE:
- A bachelor's degree in Information Security, Computer Science, or a related field.
- A minimum of 7 years of experience in information security, with a focus on risk management, GRC, and/or vulnerability management.
- Relevant professional certifications, such as CISSP, CISM, CRISC, or CISA, are preferred.
REQUIRED KNOWLEDGE, SKILLS, AND ABILITIES:S)
- Experience managing and/or assessing information security risk management processes, GRC functions, and/or vulnerability management.
- Strong knowledge of, and experience managing, Payment Card Industry Data Security Standards (PCI-DSS) compliance.
- Strong knowledge of information security principles, best practices, and industry standards, such as CIS Critical Security Controls, ISO 27001, NIST, and GDPR.
- Experience performing technical risk analysis using quantitative risk methodologies, such as FAIR (Factor Analysis of Information Risk)
- Familiarity with third-party and vendor risk management concepts, processes, and tools.
- Experience developing and delivering security awareness training programs for a diverse audience.
- Excellent communication skills, with the ability to articulate complex security concepts to both technical and non-technical stakeholders.
- Strong documentation, planning, negotiation, work prioritization and organizational skills.
- Team player willing and able to promote a working environment that encourages and increases collaboration, clarity, and innovation.
See more jobs at Red Wing Shoe Company
Apply for this job