Risk Management Officer

This position will be responsible for the development and delivery of a company-wide, comprehensive information security and privacy program. The emphasis of this position is on policy development, program administration and compliance/incident response activities.

Primary Responsibilities:

  • Manage the process of identifying and assessing the risks affecting the business.
  • Design and implement an overall risk management process for the organization (ERM program).
  • Evaluation of security requirements and solutions for processing sensitive information.
  • Propose, coordinate, implement and enforce information security policies & methodologies.
  • Provide oversight and support to Information Security Officer.
  • Ensure application security reviews are conducted and findings addressed.
  • Responsible for the Disaster Recovery and Business Continuity Programs of the organization.
  • Responsible for oversight of annual SSAE – 16 SOC 1 audit, HIPAA compliance, etc.
  • Lead efforts to achieve a SOC 2 and SOC 3 certification.
  • Provide information security reporting to senior team; includes security risk and issues.
  • Ensure tracking, resourse allocation and remediation of all related audit findings.
  • Involvement and participation in the security incident management process as required.

Essential Skills:

  • A detailed knowledge of the general tools and techniques of risk management.
  • Knowledge and experience with SSAE – 16, HIPAA, Electronic Medical Records, etc.
  • Working knowledge and experience in the policy and regulatory environment.
  • Experience with best practices pertaining to data classification, data access controls, data stewardship and privileged access management and monitoring.
  • Knowledge of systems development lifecycle and associated tools.

Education and Experience:

  • Bachelor degree required, Master’s degree preferred in associated field.
  • At least ten (10) years’ experience in information security or information risk management.
  • At least five (5) years’ relevant work experience (life insurance/finance industry).
  • Appropriate professional certification preferred.
 
Andesa Services is a member of the Rutland Ethics Alliance. Forum for Ethics in the Workplace Andesa Services was named one of the Best Places to Work in PA for 2013. Andesa Services is a Glassdoor Open Company. Andesa Services is a proud member of the American Fraternal Alliance. Andesa Services has passed the AICPA's SSAE 16 SOC 1 exam. Seal of excellence for footer
RECENT NEWS

Andesa Services Announces Roy Peterson as Chief Technology Officer

READ THIS All News
MEDIA COVERAGE

BCTV Features Article on Andesa CEO’s Appointment to Albright Board of Trustees

READ THIS All Media
FROM THE BLOG

It’s Really Special What Your Team Does

READ THIS Our Blog

6575 Snowdrift Road, Suite 108
Allentown, PA 18106
(610) 821-8980

Privacy Policy