IBM Senior Risk Manager in Philadelphia, Pennsylvania

Introduction

At IBM, work is more than a job - it's a calling: To build. To design. To code. To consult. To think along with clients and sell. To make markets. To invent. To collaborate. Not just to do something better, but to attempt things you've never thought possible. Are you ready to lead in this new era of technology and solve some of the world's most challenging problems? If so, let's talk.

Your Role and Responsibilities

Position must be based at either our Raleigh, NC or Armonk, NY offices.

The IBM Chief Information Security Office (CISO) is a global function responsible for keeping the enterprise safe from cyberthreats and for developing and implementing enterprise-wide security programs.

The cybersecurity risk management function is part of the CISO's enterprise-wide program and focuses on identifying and managing cybersecurity risks in key areas. The objective of the program is to develop a streamlined process for risk identification that leverages various security data sources, assess key problem areas, communicate and articulate risks to key stakeholders, and remediate the risk to an acceptable level.

As a key focus area, the function also evaluates the risk of supplier products and services to IBM. Suppliers are an integral part of the organization, and many key services and products depend on these third-party services. IBM's continuous transformation in new technology areas brings in new suppliers with new technology or new working models, and with them new risks to the IBM environment.

The candidate will be responsible for performing risk assessments of supplier segments to evaluate the risk to IBM and determine recommended actions for mitigating it. The candidate will assess the security capabilities of the supplier products/services as well as the IBM internal controls and practices needed to engage the supplier securely. The candidate will decode each problem area, identify common scenarios, collaborate with various teams across the organization to develop a holistic view of the problem area, collect data points to support the assessment and, finally, articulate the risk of the problem to the CISO and senior security executives across the organization.

Depending on the problem area, the candidate will need a good understanding of various cybersecurity processes and practices, such as identity & access management, encryption, security operations, threat & vulnerability management and third-party risks, as well as strong technical expertise in a few cybersecurity domains.

Technical expertise in leading technologies such as Cloud, Kubernetes, Containers, Data analytics, AI technologies or IoT is an added advantage. The candidate's expertise in these areas will aid risk assessment of emerging problem areas around these technologies. This is not a compliance or audit function, nor is it a security testing function.

This position will be responsible for managing and executing the following Information Security Risk Management functions:

  • Assess and understand the risk of supplier products/services to IBM/Customer data, network and IBM products/offerings, identify areas of improvement, and analyze and provide appropriate recommendations for mitigation of the risk

  • Gain a deeper understanding of the problem, business context, users, assets, threats and impact perspective, and articulate risk scenarios with appropriate data points

  • Working with the appropriate business users and experts, ensure that for any identified risk that requires mitigating action, including vendor disengagement/replacement, a plan is developed and executed.

  • Develop, publish and implement standards and guidance related to supplier security control requirements

  • Develop and support tools, processes and new initiatives of the program

  • Partner and coordinate closely with internal stakeholders (i.e. Business units, Business Unit Information Security executives, Procurement, Internal Audit, Legal, etc.) to facilitate and assess third party relationships.

  • Develop, or assist in the enhancement of, oversight activities for all new and existing third-party relationships.

  • Clearly articulate the risk areas and required mitigation action to senior management of Business units, CISO and cross-functional teams

  • Act as a subject matter expert to assist the business in identifying and mitigating risks on their supplier relationships.

  • Ensure appropriate security terms are included in supplier contracts

  • Enhance and manage information security risk management processes; including risk identification, assessment, monitoring, remediation, and acceptance

  • Collaborate with teams within and outside of Information Security to assess, monitor, and reduce security risk within IBM's environment

Qualifications:

  • Masters or Bachelors (BA/BS) degree in Computer Science, Information Security, Information Technology or equivalent experience

  • Overall 10 years of experience in IT or information security domain

  • Experience evaluating third party security controls and status

  • Risk management experience – assessment of large complex problem areas, prioritization of risk and risk mitigation analysis and plan

  • Minimum 2 years of experience in one of the following:

      • Cloud application development, including working with Kubernetes, containers, dockers

      • Cloud infrastructure management – management of Kubernetes, containers, cloud databases and applications

      • Experience in development, deployment or maintenance of data analytics and AI projects

      • Experience in development, deployment or maintenance of IoT applications and infrastructure

  • Minimum 3 years of experience in one of the following:

      • Experience in security architecture and solutioning

      • Experience in application security management

      • Experience running vulnerability scans or management

      • Experience in Security Operations Center (SOC)

      • Experience in managing network security

      • Experience in security technologies such as Identity & Access Management, encryption, DLP, etc.

  • Excellent verbal and written communications skills

  • Experience creating and managing information security programs

  • Strong understanding of security risk management frameworks such as NIST, ISO 27001/27002, CIS Critical Security Controls, COBIT, COSO

  • Program Management

Desired Skills:

  • ISO 27001 implementation knowledge

  • NIST 800-53 implementation experience

  • Preferred Certifications

      • CISSP

      • CISA

      • CRISC

Required Technical and Professional Expertise

  • Overall 10 years of experience in IT or information security domain

  • Evaluating third party security controls and status

  • Risk management experience – assessment of large complex problem areas, prioritization of risk and risk mitigation analysis and plan

  • Minimum 2 years of experience in one of the following:

      • Cloud application development, including working with Kubernetes, containers, dockers

      • Cloud infrastructure management – management of Kubernetes, containers, cloud databases and applications

      • Development, deployment or maintenance of data analytics and AI projects

      • Development, deployment or maintenance of IoT applications and infrastructure

  • Minimum 3 years of experience in one of the following:

      • Security architecture and solutioning

      • Application security management

      • Running vulnerability scans or management

      • Security Operations Center (SOC)

      • Managing network security

      • Security technologies such as Identity & Access Management, encryption, DLP, etc.

Preferred Technical and Professional Expertise

  • Familiarity with SOC 2 Type 2 audits

  • ISO 27001 implementation knowledge

  • NIST 800-53 implementation experience

  • Preferred Certifications

      • CISSP

      • CISA

      • CRISC

      • AWS cloud certifications or similar

      • Kubernetes certification or similar

      • Certifications in Data AI or machine learning

About Business Unit

The IBM Corporate Headquarters (CHQ) team represents a variety of functions such as marketing, finance, legal, operations, HR, and more, all working together to solve some of the world's most complex problems, help our clients achieve success and build collaborative work environments for IBMers.

Your Life @ IBM

What matters to you when you’re looking for your next career challenge?

Maybe you want to get involved in work that really changes the world? What about somewhere with incredible and diverse career and development opportunities – where you can truly discover your passion? Are you looking for a culture of openness, collaboration and trust – where everyone has a voice? What about all of these? If so, then IBM could be your next career challenge. Join us, not to do something better, but to attempt things you never thought possible.

Impact. Inclusion. Infinite Experiences. Do your best work ever.

About IBM

IBM’s greatest invention is the IBMer. We believe that progress is made through progressive thinking, progressive leadership, progressive policy and progressive action. IBMers believe that the application of intelligence, reason and science can improve business, society and the human condition. Restlessly reinventing since 1911, we are the largest technology and consulting employer in the world, with more than 380,000 IBMers serving clients in 170 countries.

Location Statement

For additional information about location requirements, please discuss with the recruiter following submission of your application.

Being You @ IBM

IBM is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.
