IT-Cybersecurity Risk Specialist
Western & Southern Life

Cincinnati, Ohio


Summary of Responsibilities:

The IT Risk Specialist will assist the IT Risk Manager with identifying, analyzing, reporting and recommending appropriate treatments of information technology risks across the organization. This position will also assist with coordination of IT-related audit activity and building summary reports for executive management. Works with some supervision and direction from the Senior IT Risk Specialist and IT Risk Manager. Assists with some supervision of junior resources.

Position Responsibilities:

Supports the IT Risk Management function and the Chief Information Security Officer (CISO) with the following:

  • Execution of periodic and comprehensive cyber risk assessments, including the identification of critical assets, risks and controls, execution and supervision of controls evaluation and testing, assessment of residual risk, and recommendations for risk treatment.
  • Execution of adhoc and focused risk assessments for existing or new services and technologies.
  • Monitoring and consulting on open risk items pertaining to IT, including any open regulatory or internal/external audit findings.
  • Assisting with development and delivery of management reporting.
  • Coordinating as needed to support internal audit activities involving IT, including attending audit kickoffs and other meetings with management, consulting with management, assistance with inquires and requests, discussions related to open risk items and audit issues, assessing sufficiency of controls and control evidence, tracking and reporting, and escalations to management as needed.
  • Assisting with response to vendor or regulatory requests from IT or IT Risk.
  • Maintaining strong working relationships with individuals and groups involved in managing information risks across the organization, such as IT Leadership/Management, Enterprise Risk, Enterprise Compliance and Internal Audit.
  • Assisting with measurement of the impact of audit and compliance activities on the IT organization.
  • Assisting with maturity enhancement of the IT Risk Management program, including buildout of new processes and tools.
  • Making decisions and proposing actions as necessary to support the activities detailed above, including when to close risk items, when to provide additional services, and when to escalate to the management.
  • Splitting time as needed between IT Risk and IT Audit Coordination activities. Distribution of activities will require flexibility as the IT Risk Management program matures, and additional roles and responsibilities are defined.
  • Performing other duties as assigned by management.

Selection Criteria:
  • Proven substantial experience in an IT audit, risk or compliance role, with a strong understanding of IT governance, risk and control concepts.
  • Demonstrated experience with IT governance, risk and compliance frameworks such as NIST (preferred), ISO, COBIT, COSO, COBIT, etc.
  • Proven understanding of IT risks that affect information systems design, modification, and processing activities.
  • Demonstrated ability to identify and assess the severity and potential impact of risks.
  • Proven ability to communicate risk assessment findings to risk owners in a respectful and collaborative manner, which promotes efficient and effective risk remediation balanced with business needs.
  • Demonstrated ability to operate independently manages time effectively and make decisions that support the goals of management.
  • Proven ability to build and manage key relationships to support the achievement of positional responsibilities.
  • Demonstrated ability to apply original and innovative thinking to produce new ideas and create innovative solutions.
  • Proven knowledge of risk-based IT and IT-integrated auditing techniques strongly preferred.
  • Demonstrated experience providing presentations and holding meetings with management and leadership strongly preferred.
  • Proven ability to document procedures and activities in a manner that is understandable to others and prepared using a prescribed format, demonstrating use of the English language to include exemplary knowledge, in verbal and written format, of the elements of grammar, punctuation, diction and spelling proficiency.
Work Setting:
  • Works in an office setting and may remain in a stationary position for long periods of time while working at a desk, on a computer or with other standard office equipment, or while in meetings.
  • Continuously performs an activity such as: preparing and analyzing data and figures; transcribing; viewing a computer terminal; extensive reading. Visual acuity is required to determine accuracy, neatness and thoroughness of work assigned. Ability to continuously make repetitive motion of the wrists, hands and/or fingers.
  • Occasionally moves about to accomplish tasks, particularly moving from one workstation to another.
Educational Requirements:
  • Bachelor's degree with three to five years of work experience specifically in IT risk/security, IT audit or IT compliance.
  • Master's degree in computer science, information systems, information security, information risk or a related field a plus but not required.
Computer Skills and Knowledge of Hardware & Software Required:
  • Strong proficiency in the use of Microsoft Office, particularly Word, Excel and PowerPoint.
  • Experience with GRC tools a plus but not required.
Certifications & Licenses:
  • At least one relevant certification required, including but not limited to Certified in Risk and Information Systems Control (CRISC), Certification in Risk Management Assurance (CRMA), Certified Information Systems Auditor (CISA), Certified in the Governance of Enterprise IT (CGEIT), GRC Professional (GRCP) and/or similar risk management / IT assurance certifications.
Position Demands:
  • Extended hours may be required during peak workloads or special projects.
  • Occasional travel may be required by plane or car for training opportunities, but not as part of normal operations.

Job Alerts

Provide an email, zip code for jobs, and/or job category to subscribe to job alerts. Learn more now.

*By subscribing, you agree to our Terms and Privacy Policy.

More Insurance jobs

PMA Companies
Ocala, Florida
Posted about 9 hours ago
PMA Companies
Roseville, California
Posted about 9 hours ago
PMA Companies
Tampa, Florida
Posted about 9 hours ago
View Insurance jobs »

New post from our employment blog

A Better You: Top Tips to Boost Employability

Are you wondering how you can stand out from the crowd of other job applicants?

After massive lay-offs due to the pandemic, ...

Read blog post
Share this inclusion job with the community

Click a community link below, and then social share the IT-Cybersecurity Risk Specialist job.

Disability inclusion jobs logo
Asian inclusion jobs logo
Black inclusion jobs logo
Diversity inclusion jobs logo
LGBTQ inclusion jobs logo
Seniors inclusion jobs logo
Women inclusion jobs logo
Hispanic inclusion jobs logo