Risk Management Officer

This position will be responsible for the development and delivery of a company-wide, comprehensive information security and privacy program. The emphasis of this position is on policy development, program administration and compliance/incident response activities.

Primary Responsibilities:

  • Manage the process of identifying and assessing the risks affecting the business.
  • Design and implement an overall risk management process for the organization (ERM program).
  • Evaluate security requirements and solutions for processing sensitive information.
  • Propose, coordinate, implement and enforce information security policies & methodologies.
  • Provide oversight and support to Information Security Officer.
  • Ensure application security reviews are conducted and findings addressed.
  • Responsible for the Disaster Recovery and Business Continuity Programs of the organization.
  • Responsible for oversight of the annual SSAE 16 SOC 1 audit, HIPAA compliance, etc.
  • Lead efforts to obtain SOC 2 and SOC 3 attestation reports.
  • Provide information security reporting to senior team; includes security risk and issues.
  • Ensure tracking, resource allocation and remediation of all related audit findings.
  • Participate in the security incident management process as required.

Essential Skills:

  • A detailed knowledge of the general tools and techniques of risk management.
  • Knowledge and experience with SSAE 16, HIPAA, Electronic Medical Records, etc.
  • Working knowledge and experience in the policy and regulatory environment.
  • Experience with best practices pertaining to data classification, data access controls, data stewardship and privileged access management and monitoring.
  • Knowledge of systems development lifecycle and associated tools.

Education and Experience:

  • Bachelor’s degree required; Master’s degree in a related field preferred.
  • At least ten (10) years’ experience in information security or information risk management.
  • At least five (5) years’ relevant work experience (life insurance/finance industry).
  • Appropriate professional certification preferred.