Senior Lead Information Security Engineer - Risk Management

Lumen is looking for an experienced risk professional to further develop and drive our risk management capabilities focused on enabling the business to make risk-informed decisions. Reporting to the Senior Director Security and Risk Management, the Sr. Lead Security Engineer will be responsible for leading the maturing of ourrisk management framework, policy and standard for cyber risk management. This successful candidate will further perform product and business level risk assessments, manage metrics and reporting to support the business in making risk informed decisions.
This risk professional will work closely with risk owners and leaders in the line of business, security, privacy, compliance, technology, and internal audit. The position requires strong skills and experience in the following areas: leadership, risk management, verbal and written communication, problem solving, experience driving organizational change, and interpersonal skills.

This is a remote position open to candidates based anywhere in the US

*Engage stakeholders and risk owners to improve Lumen's risk culture, and drive risk informed discussions.
*Develop and managerisk management framework, policies, standards and provide risk reporting and oversight.
*Map and perform control testing to assure control compliance.
*Conduct periodic risk assessments to ensure that legal, regulatory, and audit requirements are met. Perform risk analytics and reporting to identify potential patterns, trends as well as target areas for proactive focused deep dive assessments.
*Plan and review annually the risks influencing the effectiveness ofinformation security, privacy, andinformation security risk management.
*Manage and support an enterprise wideGRCplatform and automation process to standardizedrisk assessmentprocess.
*Promote and oversee strategic security relationships between internal resources and external entities, including government, vendors, and partner organizations
*Providing advisory services to other parts of the business to assist in the prioritization and remediation of open risk items.
*Maintain and enforce the Security exception process; track progress and the completion of remediation plans.
*Contribute to the development of metrics, key risk indicators and key performance indicators to assess and report on inherent risks, control strength and residual risk in a consistent and objective manner.
* Coordinate and support security audits and assessments to evaluate policy compliance and existing defenses and to identify vulnerabilities.

*Proven hands-on GRC experience and working with high-performing teams; Ability to influence and drive organizational change.
*Experience and deep understanding of qualitative vs. quantitative risk management and inherent vs. residual risk to properly determine, evaluate, and report oninformation securityand technology risk levels.
*Experience in evaluating, developing, and implementing risk assessmentand mitigation solutions.
*Demonstrated capability to understand and negotiate legal contractual language and effectively communicate with legal attorneys, business sponsors and sourcing teams.
*Experience creating and utilizing KPIs and KRIs; experience with dashboards anddata visualization tools.
*Experience with dailyIT operationsandbest practice frameworks(ISO 27001/2,CSF, CIS Critical Controls,NIST 800-73, etc.) in one or more areas, such assystem administration, networking, andinformation security.
*An understanding of variousdata protection laws(e.g. GLBA, GDPR, CCPA, DORA, etc.).
*Knowledge ofrisk data architectureand technology solutions. Knowledge ofphysical security controlsand processes.
*Strong relationship building experience, both internally with business and technology leaders,information securityteams, and legal teams, and externally with service providers and business partners.
*Excellent communication skills, including presentation, written, and verbal; demonstrated business acumen; Results oriented and proven ability to meet deadlines.
*Strongdocumentation, planning, negotiation, work prioritization, and organizational skills.
*Bachelor's degree inInformation Technologyor related field is preferred. Combination with 5+ years of experience in aninformation securityrole will be considered.
*Preferred working knowledge of legislative and financialregulatory compliancestandards and best practices.
*PreferredCRISC,CISM, CISSP or equivalent certifications.

This information reflects the anticipated base salary range for this position based on current national data. Minimums and maximums may vary based on location. Individual pay is based on skills, experience and other relevant factors.

Location Based Pay Ranges:

$129,639 - $172,852 in these states: AL, AR, AZ, FL, GA, IA, ID, IN, KS, KY, LA, ME, MO, MS, MT, ND, NE, NM, OH, OK, PA, SC, SD, TN, UT, VT, WI, WV, and WY.
$136,121 - $181,494 in these states: CO, HI, MI, MN, NC, NH, NV, OR, and RI.
$142,603 - $190,137 in these states: AK, CA, CT, DC, DE, IL, MA, MD, NJ, NY, TX, VA, and WA.

#GSS

Lumen offers a comprehensive package featuring a broad range of Health, Life, Voluntary Lifestyle benefits and other perks that enhance your physical, mental, emotional and financial wellbeing. We're able to answer any additional questions you may have about our bonus structure (short-term incentives, long-term incentives and/or sales compensation) as you move through the selection process.

Learn more about Lumen's:

• Benefits
• Bonus Structure

#LI-JS1