Lead IT Security Specialist – Risk Management in Secaucus, NJ at Quest Diagnostics

Date Posted: 5/27/2020

Job Description

Look for more than answers. 

At Quest, we are on a continuous journey of discovery and development. It’s this attitude that has made us an industry leader and the #1 Diagnostic Lab in the US. For those joining us, we offer exciting and fast-moving career opportunities where you can affect change at a rate unheard of in many organizations of our size and scope. While we invest in and develop technology to drive our innovations, our ongoing success relies on our people.

As a Lead IT Security Specialist – Risk Management, you will work for the world leader in the industry, with a career where you will have the opportunity to collaborate and affect change while expanding your leadership skills and technical knowledge. You can make a real impact in a market that is growing and developing.

This professional will work from our Secaucus, NJ location.

Lead IT Security Specialist – Risk Management, the role:

The Lead IT Security Specialist – Risk Management will ensure we manage and continually improve the program in the following areas: maintaining the IT Risk Management program documentation, the company IT risk registry, IT risk assessments and IT risk management monitoring.

Job responsibilities:

  • Oversee all aspects of the IT Security Risk Management program including assessment, action planning, execution, remediation, tracking and monitoring.

  • Publish and maintain the IT risk repository and proactively work with IT and business functional areas to prioritize security investments based upon the level of risk identified.

  • Interact with the ERM organization in conducting related IT risk assessments.

  • Perform ad-hoc IT risk assessments as required.

  • Develop and manage strategic reporting and metrics in support of demonstrating the effectiveness of the risk program.

  • Benchmark the risk management practices and maintain an up-to-date understanding of industry best practices and monitor the legal and regulatory environment for developments that could require changes to our risk program.

  • Create, disseminate and update documentation of the matrix of identified IT risks and controls.

  • Work directly with the business units and other internal departments and organizations to facilitate IT risk analysis and risk management processes, identify acceptable levels of residual risk, and establish roles and responsibilities related to information classification and protection.

  • Coordinate information security and risk management projects with personnel from the IT organization, lines of business, and other internal departments and organizations.

  • Where appropriate, follow up on deficiencies identified in monitoring reviews, self-assessments, automated assessments, and internal and external audits to ensure that appropriate remediation measures have been taken.

  • Identify control gaps and weaknesses, and work collaboratively with other internal departments to ensure existing or new IT processes, policies and standards comply with internal controls and regulatory standards and requirements.

To qualify, the ideal candidate will have the following skills and experience:

  • 7+ years of experience with IT security including concepts and controls, IT risk management and risk frameworks, IT governance, internal and external audit, and compliance functions.

  • Strong leadership abilities, with the capability to develop and guide information security team members and work with minimal supervision

  • In-depth knowledge and understanding of information risk concepts and principles, as a means of relating business needs to security controls including HIPAA, National Institute of Standards and Technology (NIST), PCI and HITRUST.

  • In-depth knowledge of risk assessment methods and technologies. 

  • Working knowledge of federal requirements, such as HIPAA, DoD, Cyber Security Framework (CSF)

  • Technical knowledge of mainstream operating systems and a wide range of security technologies, such as network security appliances, identity and access management (IAM) systems, anti-malware solutions, automated policy compliance tools, and desktop security tools.

  • Experience in developing, documenting and maintaining security policies, processes, procedures and standards.

  • Audit, compliance or governance experience is preferred.

  • Strong analytical skills to analyze requirements and relate them to appropriate risk controls.

  • Ability to interact with company personnel at all levels and across all business units and organizations, and to comprehend business imperatives.

  • Strong written and verbal communication skills are important for this position.

  • Strong leadership abilities, with the capability to develop an IT security team and guide team members and to work with only minimal supervision.

  • A strong customer/client focus, with the ability to manage expectations appropriately, to provide a superior customer/client experience and build long-term relationships.

  • Familiar with GRC (Governance Risk and Compliance) tools.

  • B.S. Degree in Computer Systems Engineering, Computer Science, Computer Information Systems, or equivalent education and experience required.

  • Specialized training in information security helpful. CISSP, CRISC, CISA, SSCP, GIAC with risk proficiency and other security-specific certifications preferred.

  • Excellent organizational and time management skills

  • Highly productive and resourceful, carries “can do” attitude in approaching challenges, and a true self-starter

Apply Today

Join us for competitive benefits and development opportunities in a progressive and supportive environment. Help us improve our service, and the experiences of our patients and colleagues. Work with us and together we can be better.

Your Quest career. Seek it out.

All requirements are subject to possible modifications to reasonably accommodate individuals with disabilities. Quest Diagnostics is an Equal Opportunity Employer: Women / Minorities / Veterans / Disabled / Sexual Orientation / Gender Identity or Citizenship. 

If you’re interested in career opportunities, but not ready to apply, join our talent network to stay connected to us and receive updates on the latest job opportunities and company news.
