AVP IT Risk (443322)

Vaco
$60.00 - $90.00 / hr
United States, Texas, Dallas
Apr 10, 2025
AVP IT Risk \| 443322 DETAILS *Location: 100% Remote \| DFW-local candidates strongly preferred, but not required, for the occasional onsite quarterly meetings, required events, etc. Position Type: 6M C2H or Direct-Hire (based on candidate preference) Hourly / Salary: $120K-$160K + 20% bonus structure JOB SUMMARY* Vaco Technology is currently seeking an Assistant Vice President of IT Risk for a 6M C2H or Direct-Hire (based on candidate preference) that is 100% remote-based. The AVP IT Risk will coordinate and deliver the IT Risk Program, including information security, business continuity / disaster recovery, and enterprise IT program management. The AVP IT Risk will identify, evaluate, and report on information technology risks, ensuring compliance and regulatory standards are met and aligns / supports the overall risk posture. Expertise in Information Security - Proven History of Developing / Implementing / Managing / Auditing Cybersecurity Strategies / Policies / Procedures Assist IT Risk Team in Continuously Enhancing the Global Infrastructure Security Program - Delivering Security Projects Addressing Identified Risks / Business Security Requirements Manage / Deliver the Business Continuity / Disaster Recovery Program - Enhancing Existing Practices / Continuity Testing Manage / Coordinate Enterprise Infrastructure Technology Programs - Aligning with Business Requirements Perform Ongoing Enhancement of Global Information Security Policies / Procedures - Ensuring Operating Efficiency / Regulatory/Legal Compliance Support Global Team in Incident Response - Coordinating Operational Components of Incident Management Provide Guidance to Senior Management on Remediation - Information Security Gaps / Reporting Remediation Activities, etc. Collaborate / Perform IT Risk Assessments - High-Level Monitoring of Security Vulnerabilities / Cybersecurity Threats / Audits / Tests, etc. Define Metrics / Reporting Strategies - Effectively Communicating Successes / Progress of Security Program Support the Provision of Regular / Appropriate Cybersecurity Communications / Awareness / Training Deliver Information Security Vendor / Key 3^rd Party Risk Assessments Prepare Regular Information Technology Risk Management Updates - Relating to IT Risk Operations / Attend Security Governance/Operational Meetings Support the Global Data Governance Program Operational / Project Deliveries Complete Security Assessments / Assurance Updates - Relating to Key 3^rd Parties / Investors / Rating Agencies Exceptional Communication / Organizational Skills / Attention to Detail - Ability to Interface with All Levels (including Execs / Stakeholders) / Ability to Successfully Communicate Security/Risk-Related Concepts to Technical/Non-Technical Audiences About the Project: The current AVP IT Risk is retiring at the end of May 2025 and they are looking to bring on a new AVP IT Risk, as soon as possible, to participate in deep and rich knowledge transfer. The current AVP IT Risk has been with the company for many years and the role has grown over time. The AVP IT Risk has no direct reports. The AVP IT Risk will be heavily involved in Information Security, Business Continuity, and Disaster Recovery, where previous experience implementing and maintaining these programs will be critical. Currently, they heavily utilize NTT Americas as their MSP / MSSP Partner as well as additional 3^rd Party Vendors, for monitoring threats / incidents, vulnerability, penetration testing, and risk assessments. The AVP IT Risk will not have access to the SIM so there will be no direct hands-on analysis / activities but will be heavily involved in the coordination of remediation, guiding and leading the SOC, and coordinating with internal business users / IT teams when security events are occurring. The AVP IT Risk will coordinate vulnerability, pen testing, and risk assessments with 3^rd Party Vendors, assessing results, and coordinating with the MSP and/or internal tech teams to ensure tickets are being entered and remediated in a timely manner. The current AVP IT Risk also came with an Enterprise Architecture background and stepped in when new tools were being introduced and/or optimizing existing tools, including enhancing meetings, coordination, and overall management. The ideal AVP IT Risk will have a technology-driven mindset and be willing to dig into technologies, that may not be initially familiar, to learn it, understand it, and then identify ways to best optimize it. As an example, the current AVP IT Risk recently took over their enterprise Teams initiative. The AVP IT Risk had no prior Teams experience but embedded herself within the technology to provide recommendations on how the company could more effectively and efficiently utilize the product to get the absolute most out of it. While this type of responsibility typically falls outside of the normal scope of an AVP IT Risk, they are looking for someone who is tech savvy, driven, and willing to take on side projects as they arise. OnPrem-to-Azure Cloud Migration: Currently, they are in the middle of a large-scale effort to migrate OnPrem to the Cloud. They have successfully migrated a data center into Azure and they are currently working towards getting their Europe and North America operations migrated, where they have 30-40 North American servers successfully migrated to the cloud. The overall goal is to have as much as possible migrated to the cloud by the end of 2025, understanding that some areas may not be able to be fully migrated and other areas that may extend beyond the end of 2025 due to required testing, etc. JOB REQUIREMENTS AVP IT Risk - Develop / Implement / Manage / Audit Cybersecurity Strategies / Policies / Procedures \| Managing Outsourced Environments Disaster Recovery / Business Continuity Frameworks \| ISO-22301 - Continuity Planning / Risk Assessment and BIA (Business Impact Analysis) / Resource Management / Emergency Response and Recovery / Testing and Exercising / Monitoring and Continuous Improvement Vendor Management - Security-Related Vendor / MSP / 3^rd Party Management Monitoring Threats / Incidents - Heavy Coordination with MSP and/or Internal Tech Teams for Remediation / Guiding and Leading SOC / Coordination with Internal Business Users/IT Teams During Security Events Vulnerability / Pen Testing - Coordination with 3^rd Party Vendor / Reviewing and Assessing the Results / Coordination with MSP and/or Internal Tech Teams to Ensure Tickets are Entered / Remediated Timely Risk Assessment - Coordinate / Manage Risk Assessments with 3^rd Party Vendors MS Suite of Tools - Teams (strongly preferred) Vaco by Highspring values a diverse workplace and strongly encourages women, people of color, LGBTQ+ individuals, people with disabilities, members of ethnic minorities, foreign-born residents, and veterans to apply. EEO Notice Vaco by Highspring is an Equal Opportunity Employer and does not discriminate against any employee or applicant for employment because of race (including but not limited to traits historically associated with race such as hair texture and hair style), color, sex (includes pregnancy or related conditions), religion or creed, national origin, citizenship, age, disability, status as a veteran, union membership, ethnicity, gender, gender identity, gender expression, sexual orientation, marital status, political affiliation, or any other protected characteristics as required by federal, state or local law. Vaco by Highspring and its parents, affiliates, and subsidiaries are committed to the full inclusion of all qualified individuals. As part of this commitment, Vaco by Highspring and its parents, affiliates, and subsidiaries will ensure that persons with disabilities are provided reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact HR@vaco.com . Vaco by Highspring also wants all applicants to know their rights that workplace discrimination is illegal. By submitting to this position, you agree that you will be giving Vaco by Highspring the exclusive right to present your as a candidate for the foregoing employment opportunity. You further agree that you have represented information about yourself accurately and have not affirmatively misrepresented your qualifications. You also agree to maintain as confidential, to the fullest extent permitted by law, any information you learn from Vaco by Highspring about the position and you will limit disclosure of information about the position only to the extent necessary to perform any obligations in furtherance of your application. In exchange, Vaco by Highspring agrees to exercise reasonable efforts to represent you through all solicitation, job screening and resume dispersal. Privacy Notice Vaco by Highspring and its parents, affiliates, and subsidiaries ("we," "our," or "Vaco by Highspring") respects your privacy and are committed to providing transparent notice of our policies. California residents may access Vaco by Highspring HR Notice at Collection for California Applicants and Employees here. Virginia residents may access our state specific policies here. Residents of all other states may access our policies here. Canadian residents may access our policies in English here and in French here. Residents of countries governed by GDPR may access our policies here. Pay Transparency Notice Determining compensation for this role (and others) at Vaco by Highspring depends upon a wide array of factors including but not limited to: the individual's skill sets, experience and training; licensure and certification requirements; office location and other geographic considerations; other business and organizational needs. With that said, as required by local law, Vaco by Highspring believes that the following salary range referenced above reasonably estimates the base compensation for an individual hired into this position in geographies that require salary range disclosure. The individual may also be eligible for discretionary bonuses.