Information Security plays a foundational role in supporting our firm's diverse businesses, and we are excited to build upon that foundation as we add an Information Security Enterprise Risk Manager to our team.
You will work in a high-growth, tight-knit team environment where input is valued and success is rewarded. The Information Security Enterprise Risk Manager reports to the Associate VP of Information Security. You will work with Information Security, Technology, Project, and Enterprise Risk Management teams to perform technology risk analysis and recommend controls. You will also recommend and implement technology risk practices following Fisher Investments' Digital Asset risk management goals. This is a contract-to-hire opportunity.
- Represent Information Security in Enterprise Risk Management technology reviews for Digital Assets, including evaluation of inherent risk, researching vendor practices and controls, recommending new practices and controls, and estimating residual risk
- Mature Enterprise Risk Management evaluation procedures for Digital Assets
- Work with Information Security, Technology, and Data Privacy experts to determine efficacy of technical and practical Digital Asset controls
- Research new possible technical and practical Digital Asset risk controls
- Perform security-focused risk and gap assessments to identify, document and track security risks associated with: cloud and physical IT infrastructure and services, applications, information systems, vendors and other third parties
- Identify risk levels and associated controls to manage risk levels applying both quantitative and qualitative techniques
- Translate risk management measures from technical to organizational language
- Provide security risk services to business owners and partners
- Maintain a broad knowledge of methodologies and technologies in the area of risk assessments and control measures
- 3+ years in Enterprise Risk Management for Digital Assets, including development of risk evaluation processes, control evaluations and recommendations, and vendor research
- 3+ years digital asset audit review experience (including SOC 2 Type II, SOX compliance, PCI compliance, vulnerability reports, retention policies)
- Knowledge of Information Security and risk standards and frameworks such as NIST 800-53, CIS benchmarks, OWASP, ISO-27001 and COSO
- Experience assessing risk or implementing controls in a cloud-based enterprise environment
- Knowledge of information systems, risk assessment methodologies and security control technologies
- Balance risks in ambiguous and complex scenarios
- Experience leading programs and working with GRC platforms
Why Fisher Investments:
At Fisher Investments, we work for a bigger purpose: bettering the investment universe. From unmatched service to unique perspectives on investing, it's the people that make the Fisher purpose possible. And we invest in them by offering exceptional benefits like:
- 100% coverage of premiums for health, vision and dental insurance
- A 50% 401(k) match, up to the IRS maximum
- 20 days of PTO*, plus 9 paid holidays
- 8 weeks paid Primary Caregiver Parental Leave
- Back-up Child Care Program available, offering up to 10 days annually
- A cumulative learning and development framework customized for every employee
- An award-winning work environment - we're Great Place to Work Certified, and Top Workplace winners from The Oregonian
We take great pride in our inclusive culture. We value the different perspectives and unique skills you bring to the team – it makes us all better. Success at Fisher Investments is motivated by results, a collaborative mindset and a commitment to accomplishing great things – so if you are ready to do that, we are ready for you! Apply today to be a part of a team environment where you make a difference in the lives of people by bettering the investment universe.
*California employees accrue up to 17 days of PTO and 3 days of sick time per year.
FISHER INVESTMENTS IS AN EQUAL OPPORTUNITY EMPLOYER