Cybersecurity Technology Risk Consultant @ Kimberly-clark Lever

The ideal candidate will need to be able to handle technical escalations and represent the organization in technically , politically , or challenging engagements. Facilitate team operations and ongoing execution of work activity. Backup all teammates in all engagements as necessary/warranted.

Responsibilities:

• Partner with the CISO/BISO organization , Strategy , Operations and Engineering , and IT Business Partners to understand the Kimberly- Clark business and help minimize cybersecurity risks with existing solutions and new initiatives

• Work closely with IT B usiness Partners and E nterprise A rchitects in designing system solution s following a risk- based approach and ensure the solution is aligned with internal controls and security policies

• Support and facilitate the IT cybersecurity vendor risk assessment process , driving automation and i mprove ment with third- party risk evaluation to aid in efficiency with identifying risk

• Develop criticality levels for third- party vendors following a standard risk- based approach

• Support stakeholders with remediat i on of risk , gaps or issues identified during the vendor cyber security risk assessment that exceed s the risk tolerance of the company

• C ollaborate with the Sales , Marketing , Supply C hain , HR , Legal and Finance organization to evaluate third- party v endor cybersecurity risks and provide guidance for remediation

• A bility to develop technical white papers and best practice guidelines to achieve consistency with applying and enforcing security policy

• Provide assistance with Threat Modeling , Penetration Testing , SDL , Code Security Reviews and Cloud security reviews

• Collaborate with Kimberly- Clark Legal team to understand global data privacy /protection requirements

• Maintain a broad understanding of compliance across applications and networks for PCI , HIPAA , PII , and SOX

Qualifications :

• Bachelor s d egree required , preferably in computer science or information systems

• 6 + years of Information Security , with a background in cyber s ecurity and c ompliance experience

• Experience working in Agile or Waterfall methodology and a n understanding of phased approaches to the Software Development Life Cycle

• Ability to communicate clearly and effectively with both technology/development and business partners ; s trong technical communication skills , both written and verbal; ability to explain technical security concepts to stakeholders in non- technical business language

• Experience working in a matrix model , as the technology risk consulting team supports operational and transformational efforts globally across Kimberly- Clark

• Service l evel m anagement experience

• Knowledge and experience of Information Security Risk and Security governance

Preferred qualifications :

• While experience in several IT disciplines may provide a solid framework for this position , hands- on results from performing IT risk assessments , information security consulting or IT audits are most beneficial

• Experience in the following regulations and f rameworks: PCI , ISO 27001/2 , SOC/SSAE 18 , HIPAA , GLBA , NIST 800

• Security certifications such as CISSP , CISM , CEH , CISA , etc. are a plus.