Senior Cybersecurity Risk Architect

Position Description

We are seeking a highly skilled and detail-oriented Senior Cybersecurity Risk Architect to join our team. This position will report to the Sr. Manager, IT Resilience and Controls, and will be responsible for ensuring that our organization maintains a comprehensive risk program and complies with all relevant regulations and industry standards. The role involves conducting risk assessments, developing compliance policies, maintaining risk registers, and implementing procedures to mitigate potential risks.
 

Key Responsibilities

Manage the risk and compliance program

• Assess and prioritize information security and cyber security risks across the organization
• Conduct comprehensive risk assessments to identify potential areas of concern within the organization
• Develop and implement compliance programs, policies, and procedures to safeguard against legal and regulatory risks 
• Prepare remediation plans to ensure timely resolution of risks
• Facilitate compliance with regulatory requirements and information security policies
• Collaborate with internal teams to assess and enhance existing processes, ensuring adherence to compliance requirements
• Monitor and analyze changes in legislation and regulations, updating stakeholders on potential impacts to the organization
• Conduct internal audits to assess compliance levels and identify areas for improvement
• Provide guidance to staff on compliance-related matters and offer training programs to enhance awareness
• Prepare and submit regulatory reports and documentation as required by relevant authorities
• Collaborate with legal and other relevant departments to address compliance issues promptly
• Assist in the development of risk mitigation strategies and contingency plans

Improve Awareness and Training

• Provide subject matter expertise and guidance on infosec standards and policies to regional and local functions
• Provide on-going guidance on requirements and expectations to control and process owners
• Train the trainer and provide training to relevant staff

Business Partnering

• Provide periodic review of risk postures to business leadership and all stakeholders
• Facilitate coordination and execution of risk remediation with business stakeholders

Required Education & Qualifications

• Bachelor's degree in IT (Information Technology), MIS, Accounting, Finance, Business Administration, related field, or equivalent experience
• 5+ years of combined information security risk, compliance, and governance experience
• Knowledge of and experience in utilizing various methodologies and frameworks (NIST, COBIT, COSO, ITIL, ISO 27001/27002 and 27018) 
• Working knowledge with a GRC tool like RSA Archer, Standard Fusion, etc.
• Possess excellent written and oral communications skills
• Excellent analytical, problem-solving, interpersonal, teamwork and project management skills
• Be able to communicate effectively with resources at all levels of the Modine organization
• Be able to work independently, meet deadlines, and drive for results
• Be able to think logically and independently and solve complex problems in their assigned area of responsibility
• Be able to apply the Modine Values and support the 80/20 initiatives