Manager, Cyber Security Risk Operations – Bed Bath & Beyond Union, NJ
Note: We are reader supported and may earn a small commission when you click on links in posts
About the job
Reporting to the Senior Manager, Risk Operations Center (ROC), the Cyber Security Risk Operations Manager is a highly collaborative function that has primary responsibility for identifying risks related to people, processes, and technology and recommending appropriate and effective management solutions across all aspects of information technology and information security. The manager will assess the use of technology within the company to identify potential risks and develop processes that reduce or mitigate those risks. The Cyber Security Risk Operations Manager will ensure that monitoring is in place to identify risks in a continuous manner as opposed to a point in time. This individual will also work closely with the CISO to lead corporate wide efforts to identify, measure, and manage cybersecurity risk at Bed, Bath & Beyond.
- Manage the process of gathering, analyzing, and assessing the current and future threat landscape, as well as providing a realistic overview of risks and threats in the enterprise environment
- Conduct information technology and security risk assessments, track mitigations efforts, and develop risk metrics and risk dashboards
- Develops and evolves Cyber Security policies, standards, guidelines, and procedures to ensure operating efficiency and regulatory compliance
- Execute security risk related projects/programs, such as updating security policies, standards and leading our security awareness programs
- Perform risk assessments to identify current and future security vulnerabilities
- Analyzes the results of various security scans, process appraisals and other improvement efforts
- Performs and manages the implementation of countermeasures or mitigating controls
- Monitor current and proposed laws, regulations, industry standards, and ethical requirements related to information security
- Work with the CISO to oversee a framework and methodology for completion of contingency plans by internal business units.
- Ensure effective Business Continuity strategies to support and, in time of disaster, recover the company’s critical business functions.
- Ensure reporting and escalating any security, privacy, or identity theft incidents as appropriate.
- Promote information security awareness to all employees
- Works with the Senior Manager, ROC to develop a security program and security projects that address identified risks and business security requirements
- Lead security team consisting of internal staff and external security expertise
- Coordinates with users to discuss issues such as access needs, security violations, and security training needs
- Works closely with 3rd party partners to secure data and assets
Need Security Training? Certifications at Your Own Pace
- IBM Cybersecurity Analyst Professional CertificateIntroduction to Cybersecurity Tools & Cyber Attacks by IBM
- Generative Adversarial Networks (GANs) Specialization from DeepLearning.AI
- Agile Leadership Specialization from the University of Colorado
- International Cyber Conflicts from the State University of New York (SUNY)
- IT Fundamentals for Cybersecurity Specialization by IBM
- Google Cloud Security Professional Certificate from Google Cloud
- Google Cloud Networking Professional Certificate from Google Cloud
- Introduction to Blockchain Specialization from Association of International Certified Professional Accountants
- Bachelor’s degree
- 5+ years of experience in information technology security or IT risk management and at least 1-2 years of leadership experience
- 3+ years project management experience leading projects with tight deadlines that involve the use of automated and manual systems and supporting internal customers
- Preferred certifications include at least one of the following: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager, (CISM), Certified Information Systems Auditor (CISA), or Certified in Risk and Information Systems Control (CRISC)
- Understanding of key technology concepts such as access control, confidential data, encryption, business continuity, and security monitoring tools
- A strong knowledge of IT organization business processes and systems including IT security, data management, architectural and planning, technology life cycle management, continuous audit, and regulatory concerns
- Understanding of risk management functions, including technical standards (preferably ISO 27001/NIST/CSA) and their implications
- Excellent oral and written communication skills to collaborate with employees at all levels of the organization. You will prepare reports and make presentations to senior level management. You will interact with various levels of employees to collect and communicate information.
- Highly organized with ability to prioritize in a fast-paced environment
- Advanced computer skills and proficiency in Microsoft Office products
- Solid problem-solving skills and the ability to be highly productive, both working alone and as part of a team.
- Experience and strong understanding of security tools/technologies and working with legal, audit and compliance staff
- Proficient in performing risk, business impact, control, and vulnerability assessments, and in defining treatment strategies
- Experience in developing and documenting policies, procedures, standards, guidelines, and plans, including strategic, tactical and project plans
- Ability to multitask in a fast-paced, technical environment
If you need reasonable accommodations to complete the on-line application, please contact the Human Resource Department.
This email address is only to request reasonable accommodation for the application process due to a medical condition. If you do not need a reasonable accommodation for such reason, please use the apply button below to complete an application and upload your resume.
An Equal Opportunity Employer
It is the policy of Bed Bath & Beyond Inc. to recruit, hire, train, promote, transfer and compensate our associates and provide all other conditions of employment including Company sponsored events without regard to race, color, creed, religion, national origin, age, sex, gender identity, genetic information, marital status, lawful alien status, sexual orientation, physical or mental disability, citizenship status, veteran status, employment status or any other basis prohibited by applicable law.