Risk Management Officer

This position will be responsible for the development and delivery of a company-wide, comprehensive information security and privacy program. The emphasis of this position is on policy development, program administration and compliance/incident response activities.

Primary Responsibilities:

  • Manage the process of identifying and assessing the risks affecting the business.
  • Design and implement an overall risk management process for the organization (ERM program).
  • Evaluate security requirements and solutions for processing sensitive information.
  • Propose, coordinate, implement and enforce information security policies & methodologies.
  • Provide oversight and support to the Information Security Officer.
  • Ensure application security reviews are conducted and findings addressed.
  • Responsible for the Disaster Recovery and Business Continuity Programs of the organization.
  • Responsible for oversight of annual SSAE – 16 SOC 1 audit, HIPAA compliance, etc.
  • Lead efforts to achieve a SOC 2 and SOC 3 certification.
  • Provide information security reporting to senior team; includes security risk and issues.
  • Ensure tracking, resource allocation and remediation of all related audit findings.
  • Involvement and participation in the security incident management process as required.

Essential Skills:

  • A detailed knowledge of the general tools and techniques of risk management.
  • Knowledge and experience with SSAE – 16, HIPAA, Electronic Medical Records, etc.
  • Working knowledge and experience in the policy and regulatory environment.
  • Experience with best practices pertaining to data classification, data access controls, data stewardship and privileged access management and monitoring.
  • Knowledge of systems development lifecycle and associated tools.

Education and Experience:

  • Bachelor’s degree required, Master’s degree preferred in associated field.
  • At least ten (10) years’ experience in information security or information risk management.
  • At least five (5) years’ relevant work experience (life insurance/finance industry).
  • Appropriate professional certification preferred.
 