Cyber Security Risk Assessor
The HP Cybersecurity Risk Assessor is responsible for end-to-end cyber security
risk management, including risk identification, analysis and evaluation,
identifying remediation requirements, and tracking associated risks. Assessment
targets include third parties/service providers, as well as internal business
assets. In addition to conducting risk assessment, the Risk Assessor drives
continual Risk Management process and tool improvements. The position reports
to the Cybersecurity Risk Manager and works closely with teams across
Cybersecurity, IT, Privacy, Legal, Procurement, and Businesses to help protect
HP's assets.
* Ensure timely execution of assigned risk assessments.
* Identify issues and root causes including oversight and facilitation of
risk mitigation plans in alignment with HP Policy & Standards
* Partner with management stakeholders (including at minimum: Business
Units, Supply Chain, IT, Enterprise Risk Management, Procurement) to
drive effective, proactive risk management.
* Prepare and present risk management reports, scorecards, and briefings as
* Review key metrics and overall performance with internal stakeholders and
* Support internal & external audit readiness
* Monitor regulatory changes, corporate updates, and geo-political changes
and ensure HP cyber security compliance
* Support the development and implementation of HP Policy, standards,
guidelines, tools, and documentation for consistent execution of risk
* Drive development, implementation and integration/automation of risk
management tools and processes
* Bachelor's Degree in Information Security, Cyber Security, or related
* 6 years cyber security experience
* Demonstrated experience conducting risk assessments, including internal
information assurance and third party providers
* Experience analyzing SOC reports, application testing reports, SAQs
* Experience with risk management frameworks, methodologies and tools
* Strong Governance, Risk & Compliance background
* Understanding of ISO 27001/27002/27005, NIST Cybersecurity Framework, PCI
DSS, COBIT, and ITIL frameworks, OWASP, pen testing.
* Experience utilizing APIs to enable integration/automation across
* Experience developing workflows
* Experience with data analytics tools
* CRISC certification required; CISSP, CCSP highly desirable; CISA, CISM
* Excellent interpersonal, written, and oral communication skills
* Ability to work in a team as well as independently, in a fast-paced,
multi-tasking, global environment
* Excellent prioritization and multitasking capabilities
* Highly motivated self-starter who demonstrates initiative
* Hands-on coding/development exposure is desired, but not required.
Responsibilities may vary over time and include, but are not limited to, those