Information Security Risk Lead-March 2024
Harrisburg
Mar 28, 2026
About Information Security Risk Lead

_Job Seekers can review the Job Applicant Privacy Policy by clicking HERE._

Summary

The Information Security Risk Lead is responsible for the oversight and execution of the company’s Information Security function as it relates to the design, development, implementation, and monitoring of the Information Security Risk Management program. Additionally, this role will lead the maturation and evolution of the risk management tools and methods and ensure comprehensive reporting of all security risks. The Information Security Risk Lead will work across the security team to promote awareness of the risk management program and desired risk culture. The position requires a diverse background to understand a variety of systems, including new technologies and legacy systems considered business critical.

Essential Functions

Lead the execution and maturation of the information security risk management program

Perform targeted risk assessments to identify and report on strengths and weaknesses in the program as they relate to privacy, security, business resiliency and compliance frameworks

Manage and oversee the implementation and maintenance of an Enterprise GRC tool

Work effectively with leads across the Information Security team to assist with identifying, measuring, and planning remedial action plans for information security risks

Document and maintain workflows and design documents and procedures to identify gaps in risk posture and risk acceptability based on controls

Create and present risk posture and recommendations to Information Security leadership

Perform ad-hoc assessments, analysis, and reports as needed to support the team’s needs

Additional Responsibilities

Foster and maintain good relationships with business partners and colleagues to meet expected service levels.

Research and recommend new tools and technologies to gain efficiencies and enable functionalities.

Deliver schedule milestones on-time to ensure project/program objectives are met.

Performs other duties as assigned.

Skills and Abilities

Track record of acting with integrity, taking pride in work, seeking to excel and being curious and flexible.

Strong written and oral communication skills across varying levels of the organization.

Understanding of service design, delivery concepts and control frameworks.

Organized, with the ability to prioritize and complete tasks within defined SLAs.

Excellent judgment and the ability to make quick decisions when working with complex situations.

High degree of integrity, trustworthiness and confidence; represents the company and its management team with the highest level of professionalism

Qualifications

Bachelor's degree (required): Information Security, Information Technology, Management Information Systems

Master's degree (preferred): Information Security, Information Technology, Management Information Systems

Seven (7) years or more of experience with technology risks and controls and deploying information governance, information technology risk management, compliance, information security, or privacy programs (required)

Seven (7) years or more of experience with cyber security and information security program management and frameworks (e.g. NIST CSF, ISO/IEC 27000, etc.) (required)

Exposure to and familiarity with relevant standards such as ISO/IEC 27000 family - Information Security Management Systems, NIST Cybersecurity Framework, NIST 800, and applicable laws related to regulatory compliance, information security and privacy (e.g. SOX, HIPAA, GDPR, PCI-DSS) (intermediate; required)

Knowledge of information security risk management and IT controls frameworks and methodologies (e.g. ISO/IEC 27005, COBIT, OCTAVE) (intermediate; required)

Knowledge of Risk Management Principles (risk avoidance, transfer, mitigation, acceptance), Risk Assessment process (intermediate; required)

Knowledge of Cloud Security - Cloud Control Matrix (CCM), Consensus Assessment Questionnaire (CAIQ) (intermediate; required)

Knowledge of Common Controls Hub - Unified Compliance Framework (UCF) (intermediate; preferred)

Knowledge of Standardized Information Gathering (SIG) Questionnaire (intermediate; preferred)

Knowledge of AICPA SOC for Service Organizations (intermediate; preferred)

Other: Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), or Certified in Risk and Information Systems Control (CRISC) or Certified Cloud Security Professional (CCSP) credentials or International Association of Privacy Professionals (IAPP)

Travel: 1-10%

DOT Regulated: None

Job Category: Information Security

Compensation Information:

The compensation offered to a candidate may be influenced by a variety of factors, including the candidate’s relevant experience; education, including relevant degrees or certifications; work location; market data/ranges; internal equity; internal salary ranges; etc.

Compensation ranges for the position are below:

Pay Type: Salaried

Minimum Pay Range: $135,000.00

Maximum Pay Range: $145,000.00

The position may also be eligible to receive an annual bonus, commission, and/or long-term incentive plan based on the level and/or type.

Benefits Information:

For all Full-time positions only: Ryder offers comprehensive health and welfare benefits, to include medical, prescription, dental, vision, life insurance and disability insurance options, as well as paid time off for vacation, illness, bereavement, family and parental leave, and a tax-advantaged 401(k) retirement savings plan.

Ryder is proud to be an Equal Opportunity Employer and Drug Free workplace.

All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, sex, sexual orientation, gender identity, age, status as a protected veteran, among other things, or status as a qualified individual with disability.

Security Notice for Applicants:

Ryder will only communicate with an applicant directly from a [@ryder.com] email address and will never conduct an interview online through a chat type forum, messaging app (such as WhatsApp or Telegram), or via an online questionnaire. During an interview, Ryder will never ask for any form of payment or banking details and will never solicit personal information outside of the formal submitted application through www.ryder.com/careers.

Should you have any questions regarding the application process or to verify the legitimacy of an interview or Ryder representative, please contact Ryder at [email protected] or 800-793-3754.

Current Employees:

If you are a current employee at Ryder (not a Contractor or temporary employee through a staffing agency), please click here (http://wd5.myworkday.com/ryder/d/task/1422$3.htmld) to log in to Workday to apply using the internal application process.
