Information Security Risk Manager

Information Security Risk Manager

The CES Security Operations Center is currently looking to hire an Information Security Risk Manager to serve BYU, BYU-Hawaii, BYU-Idaho, and Ensign College. This position, along with our other Risk Management positions, will be supporting and enabling the implementation of security programs and controls, advising on the risk implications of architecture and design decisions, and assisting with the design and validation of risk reduction efforts of various administrative and academic units at each campus. People skills are essential as we regularly interact with campus customers. This position also gives you the opportunity to share with others your acquired skills, to grow and learn more, and to apply that learning. Other responsibilities will be assigned to you as you gain skills through on-the-job training, career-focused professional development, and mentoring. 

You are going to love working at BYU/OIT! Here's why: 

• OIT strives to provide the flexibility needed (both in schedule and remote work) to help employees maintain a great work-life balance. 

•  You will work with real-world, leading-edge technology that serves the campus community while furthering your career.  

• OIT provides regular training and coaching to help you grow your career and improve your skills. 

•  Plus, we have a LOT of FUN together!  

What you will be doing in this position: 

Consulting and Advisory Duties:  

• Establish and maintain relationships with various campus partners 

• Assist business and technical leaders in understanding, prioritizing, and reducing information security risk 

• Participate in key security and privacy compliance committees to ensure business practices adequately meet regulatory compliance requirements 

• Communicate risk and/or information security knowledge appropriately to technical and non-technical audiences  

Risk Analysis, Assessment and reporting:  

• Promote and evaluate adherence to information security policies and standards 

• Coordinate security assessment findings and reports with management, engineers, and customers 

• Prioritize risk reduction work based on resources available and risk levels  

What qualifies you for this role:   

Education and Experience:    

This position provides an opportunity for people of varying levels of skill.  If you have a lot of education, experience, and skill, we'll compensate you accordingly.  If you are early in your career, this could be a great opportunity for you, too.  Different levels of pay are assigned by the hiring department depending on experience/education/skills and business needs.   

Minimum Required: Bachelor’s degree in Information Systems, Information Technology or equivalent professional experience; 5+ years of related work experience preferably in an information security, IT assurance, compliance, or risk management role.  

Certifications:  Prefer one or more recognized IT security or assurance certifications such as CISSP, CISA, CISM, CRISC, CPISA (other technical certifications are also given consideration). 

Skills, abilities, or knowledge:   

You are not required to have experience in all areas listed below. What you don't know we can teach you. We are seeking the most qualified candidates; the more you have, the more likely you will be selected. Compensation will be commensurate with experience and skills.  

Technical Skills and Experience: 

For this position, we are looking for someone with experience and expertise in several of the concepts and specific technical skills listed below: 

• Familiar with security standards and best practices such as those specified by the payment card industry, ISO 27000, National Institutes of Standards and Technology, and Center for Internet Security 

• Excellent communication skills (Written and verbal) 

• Ability to develop, refine and follow processes 

• Proven ability to conceptualize, analyze and communicate complex issues and concerns to both technical and non-technical managers and workers 

•  Conversant in the security and risk implications for common technical architecture and components. Ability to identify and assess security risks across technical domains such as segmented enterprise networks, identity and access management, cloud architectures, insider threats, endpoint protections, securing web applications, and privacy regulatory compliance. 

• Ability to work individually and as part of a team with minimal supervision 

What we offer in return: 

In addition to our competitive pay structure, this position comes with fantastic benefits, including: 

• 401k. BYU automatically contributes 8% at no cost to you. Additionally, if you contribute 5%, BYU adds an additional 4% (Rehires may qualify for different retirement plans) 

• Excellent work-life balance: 13 paid holidays + 22 days paid vacation + 12 sick days, accrued annually 

• Employee assistance program, available to the employee and all members of their household 

• Tuition benefits for employees and eligible family members 

• Access to athletic facilities 

• Excellent medical/dental benefits 

• Short/long-term disability benefits 

• Paid parental and maternity leave 

• Wellness Program 

• Free on-campus parking 

• Free UTA passes for employees, spouses, and qualified dependents 

• Discounts at the BYU Store and for many events at BYU 

Pay Grade: 55T

Typical Starting Pay: $99,000-$129,000