Security Risk Assessor
Why work at Fortress?
Fortress Information Security is one of the largest providers of supply chain risk management and cybersecurity/vulnerability risk management in the United States. The Fortress team consists of security experts who are recognized leaders on industry best practices and processes. Fortress is headquartered in Orlando, FL.
Fortress was recognized as one of Orlando’s 2019 Best Places to Work. Our organization was also recently featured in Forbes magazine, among several other publications, and recognized for our efforts in securing the U.S. power grid.
Fortress is seeking a Security Risk Assessor who is motivated and takes initiative in their role to improve the quality of their work and promotes team culture. You will work with internal and external stakeholders to perform validated control assessments on our clients’ third parties (vendors). These activities include, but are not limited to, meeting with client and vendor stakeholders, reviewing and analyzing vendor responses to security questionnaires, and ensuring assessment activity is accurately captured in the Fortress Platform in a timely manner. You will be responsible for consistently delivering high-quality deliverables and meeting service level agreements.
Role and responsibilities:
- Consistently deliver on assigned workload, commitments, deadlines and objectives while following established service level agreements in scope and leveraging appropriate tools, methods, frameworks, and professional standards.
- Continuously demonstrate the ability to work independently while representing the services of the department with the highest level of professionalism.
- Collaborate with internal partners and third parties to identify, track, and provide recommendations on mitigating third party risks.
- Represent Fortress as a key first point of contact to our clients and their third parties.
- Mentor junior team members and provide subject matter expertise.
- Contribute to the overall objectives and goals of the team; embrace teamwork and knowledge sharing.
Minimum Qualifications:
- Attention to detail, sound judgement, logical thinking, and the ability to drive tasks to completion and meet deadlines in a fast-paced environment.
- Demonstrated professional communication and client relationship skills.
- Ambition, drive, clear vision and a great attitude.
- Ability to adapt to changing business environment with periodic supervision.
- Must have at least 2-3 years of proven work experience in operational or information security risk management, or third-party security assessments.
- Technical experience in a customer/client-facing environment.
- Solid understanding of risk management concepts, particularly around information security, IT general controls, and basic audit terminology and concepts.
- Strong computer skills, including MS Office products (e.g. Word, Excel) and other business software.
- Understanding of information security frameworks (e.g. NIST 800-53, NIST CSF, ISO 27001).
Preferred Qualifications:
- Certification in security or risk management (CTPRP, CRISC, CISA, CISSP, Security+).
- Big 4 experience.
- Track record of success/top performer.
- Experience working in highly regulated industries such as financial services (PCI, GLBA), energy (NERC CIP), and/or healthcare (HIPAA) is a plus.
- Proven experience effectively prioritizing schedule and flexing workload to meet tight deadlines and challenging work objectives.
Required Education:
Bachelor’s degree with technical focus required (e.g., information technology, computer science, management information systems)
Preferred Qualifications:
- Certification in security or risk management (CTPRP, CRISC, CISA, CISSP)
- Big 4 experience
- Track record of success/top performer
- Excellent academic credentials
- Proven experience effectively prioritizing schedule and flexing workload to meet tight deadlines and challenging work objectives
- Ambition, drive, clear vision and a great attitude
Employment Benefits:
- Highly competitive pay structure
- Medical, dental, vision, life, short- and long-term disability insurance
- HIGHLY PROGRESSIVE accommodations for dependents and family plans
- 401(k) 3% Match up to 50% of employee contributions for all employees with no limitations on start date
- 3-weeks annual PTO
- Paid holidays
- Tuition and certification reimbursement opportunities
Employment Perks:
- We promote from within and provide great employee succession planning
- Great Ongoing Learning and Development opportunities offered for certifications and tuition reimbursement
- Employee Referral Programs
- Company Sponsored Events
- Casual dress daily
Fortress is an equal opportunity employer and does not discriminate or allow discrimination on the basis of race, color, religion, gender, age, national origin, citizenship, disability, veteran status or any other classification protected by federal, state, or local law.
For positions located in the US, the following conditions apply. If you are made a conditional offer of employment, you will be required to undergo a drug test. ADA Disclaimer: In developing this job description care was taken to include all competencies needed to successfully perform in this position. However, for Americans with Disabilities Act (ADA) purposes, the essential functions of the job may or may not have been described for purposes of ADA reasonable accommodation. All reasonable accommodation requests will be reviewed and evaluated on a case-by-case basis.