AVP IT Risk (443322)
AVP IT Risk | 443322
DETAILS
Location: 100% Remote | DFW-local candidates strongly preferred, but not required, for the occasional onsite quarterly meetings, required events, etc.
Position Type: 6M C2H or Direct-Hire (based on candidate preference)
Hourly / Salary: $120K-$160K + 20% bonus structure
JOB SUMMARY
Vaco Technology is currently seeking an Assistant Vice President of IT Risk for a 6M C2H or Direct-Hire (based on candidate preference) that is 100% remote-based. The AVP IT Risk will coordinate and deliver the IT Risk Program, including information security, business continuity/disaster recovery, and enterprise IT program management. The AVP IT Risk will identify, evaluate, and report on information technology risks, ensuring compliance and regulatory standards are met and aligns/supports the overall risk posture.
- Expertise in Information Security – Proven History of Developing / Implementing / Managing / Auditing Cybersecurity Strategies / Policies / Procedures
- Assist IT Risk Team in Continuously Enhancing the Global Infrastructure Security Program – Delivering Security Projects Addressing Identified Risks / Business Security Requirements
- Manage / Deliver the Business Continuity / Disaster Recovery Program – Enhancing Existing Practices / Continuity Testing
- Manage / Coordinate Enterprise Infrastructure Technology Programs – Aligning with Business Requirements
- Perform Ongoing Enhancement of Global Information Security Policies / Procedures – Ensuring Operating Efficiency / Regulatory/Legal Compliance
- Support Global Team in Incident Response – Coordinating Operational Components of Incident Management
- Provide Guidance to Senior Management on Remediation – Information Security Gaps / Reporting Remediation Activities, etc.
- Collaborate / Perform IT Risk Assessments – High-Level Monitoring of Security Vulnerabilities / Cybersecurity Threats / Audits / Tests, etc.
- Define Metrics / Reporting Strategies – Effectively Communicating Successes / Progress of Security Program
- Support the Provision of Regular / Appropriate Cybersecurity Communications / Awareness / Training
- Deliver Information Security Vendor / Key 3rd Party Risk Assessments
- Prepare Regular Information Technology Risk Management Updates – Relating to IT Risk Operations / Attend Security Governance/Operational Meetings
- Support the Global Data Governance Program Operational / Project Deliveries
- Complete Security Assessments / Assurance Updates – Relating to Key 3rd Parties / Investors / Rating Agencies
- Exceptional Communication / Organizational Skills / Attention to Detail – Ability to Interface with All Levels (including Execs / Stakeholders) / Ability to Successfully Communicate Security/Risk-Related Concepts to Technical/Non-Technical Audiences
About the Project: The current AVP IT Risk is retiring at the end of May 2025 and they are looking to bring on a new AVP IT Risk, as soon as possible, to participate in deep and rich knowledge transfer. The current AVP IT Risk has been with the company for many years and the role has grown over time. The AVP IT Risk has no direct reports. The AVP IT Risk will be heavily involved in Information Security, Business Continuity, and Disaster Recovery, where previous experience implementing and maintaining these programs will be critical. Currently, they heavily utilize NTT Americas as their MSP/MSSP Partner as well as additional 3rd Party Vendors, for monitoring threats/incidents, vulnerability, penetration testing, and risk assessments. The AVP IT Risk will not have access to the SIM so there will be no direct hands-on analysis/activities but will be heavily involved in the coordination of remediation, guiding and leading the SOC, and coordinating with internal business users/IT teams when security events are occurring. The AVP IT Risk will coordinate vulnerability, pen testing, and risk assessments with 3rd Party Vendors, assessing results, and coordinating with the MSP and/or internal tech teams to ensure tickets are being entered and remediated in a timely manner. The current AVP IT Risk also came with an Enterprise Architecture background and stepped in when new tools were being introduced and/or optimizing existing tools, including enhancing meetings, coordination, and overall management. The ideal AVP IT Risk will have a technology-driven mindset and be willing to dig into technologies, that may not be initially familiar, to learn it, understand it, and then identify ways to best optimize it. As an example, the current AVP IT Risk recently took over their enterprise Teams initiative. The AVP IT Risk had no prior Teams experience but embedded herself within the technology to provide recommendations on how the company could more effectively and efficiently utilize the product to get the absolute most out of it. While this type of responsibility typically falls outside of the normal scope of an AVP IT Risk, they are looking for someone who is tech savvy, driven, and willing to take on side projects as they arise.
OnPrem-to-Azure Cloud Migration: Currently, they are in the middle of a large-scale effort to migrate OnPrem to the Cloud. They have successfully migrated a data center into Azure and they are currently working towards getting their Europe and North America operations migrated, where they have 30-40 North American servers successfully migrated to the cloud. The overall goal is to have as much as possible migrated to the cloud by the end of 2025, understanding that some areas may not be able to be fully migrated and other areas that may extend beyond the end of 2025 due to required testing, etc.
JOB REQUIREMENTS
- AVP IT Risk – Develop / Implement / Manage / Audit Cybersecurity Strategies / Policies / Procedures | Managing Outsourced Environments
- Disaster Recovery / Business Continuity Frameworks | ISO-22301 – Continuity Planning / Risk Assessment and BIA (Business Impact Analysis) / Resource Management / Emergency Response and Recovery / Testing and Exercising / Monitoring and Continuous Improvement
- Vendor Management – Security-Related Vendor / MSP / 3rd Party Management
- Monitoring Threats / Incidents – Heavy Coordination with MSP and/or Internal Tech Teams for Remediation / Guiding and Leading SOC / Coordination with Internal Business Users/IT Teams During Security Events
- Vulnerability / Pen Testing – Coordination with 3rd Party Vendor / Reviewing and Assessing the Results / Coordination with MSP and/or Internal Tech Teams to Ensure Tickets are Entered / Remediated Timely
- Risk Assessment – Coordinate / Manage Risk Assessments with 3rd Party Vendors
- MS Suite of Tools – Teams (strongly preferred)
'/%3e%3cpath%20d='M101.744%2012.4726L102.894%2016.1947L99.0021%2013.2201L101.744%2012.4726ZM105.3%208.40937H100.488L99.0026%203.59473L97.5116%208.41047L92.7%208.40385L96.5965%2011.3834L95.1055%2016.1942L99.0021%2013.2196L101.408%2011.3834L105.3%208.40992V8.40937Z'%20fill='white'/%3e%3cdefs%3e%3clinearGradient%20id='paint0_linear_5593_1381'%20x1='90'%20y1='9.44471'%20x2='99'%20y2='9.44471'%20gradientUnits='userSpaceOnUse'%3e%3cstop%20stop-color='%2300AD70'/%3e%3cstop%20offset='0.998594'%20stop-color='%2300B67A'/%3e%3cstop%20offset='1'%20stop-color='%23DCDCE6'/%3e%3c/linearGradient%3e%3c/defs%3e%3c/svg%3e){kind=small}
job faster
