Overview

It's an exciting time to join Fisher Investments; we're investing in the future of our firm's technology and information security. Our business is growing internationally, which emphasizes the need to build an unparalleled team that promotes future global growth through strategic solutions and progress. We are important to supporting our firm's diverse businesses, and we are excited to continue solidifying that foundation as we add more experienced technologists to our Technology team.

The Opportunity:

The Information Security Risk Management position, reporting to the Associate VP of Information Security, will work with Information Security, Technology, Project, and Enterprise Risk Management teams to perform technology risk analysis and recommend controls. You will also develop, recommend, and implement technology risk practices following Fisher Investments Digital Asset risk management goals.

• Represent Information Security in Enterprise Risk Management technology reviews for Digital Assets, including evaluation of inherent risk, researching vendor practices and controls, recommending new practices and controls, and estimating residual risk
• Continuously mature Enterprise Risk Management evaluation procedures for Digital Assets
• Continuously collaborate with Information Security, Technology, and Data Privacy Subject Matter Experts to determine efficacy of technical and practical Digital Asset controls
• Research new possible technical and practical Digital Asset risk controls
• Perform security-focused risk and gap assessments to identify, document and track security risks associated with Cloud and physical IT infrastructure and services, Applications, Information systems, and Vendors/other third parties
• Identify risk levels and associated controls to manage risk levels applying both quantitative and qualitative techniques
• Translate risk management measures from technical to business language
• Provide security risk services to business owners and partners
• Understand and maintain a broad knowledge of methodologies and technologies in the area of risk assessments and controls measures

• 3+ years of experience in Enterprise Risk Management for Digital Assets, including development of risk evaluation processes, control evaluations and recommendations, and vendor research
• 3+ years of experience in Digital Asset audit review experience (including SOC 2 Type II, SOX compliance, PCI compliance, vulnerability reports, retention policies)
• Knowledge of Information Security and risk standards and frameworks such as NIST 800-53, CIS benchmarks, OWASP, ISO-27001, and COSO
• Experience assessing risk or implementing controls in a cloud-based enterprise environment
• Extensive knowledge of information systems, risk assessment methodologies and security control technologies
• Ability to balance risks in ambiguous and complex scenarios
• Team-oriented, highly collaborative, experience leading initiatives
• Experience in GRC platforms

• $100,000 - $140,000 base salary per year in the state of WA. New hires should expect to start at the lower end of the range depending on experience.
• Eligible for a discretionary bonus based on firm and individual performance

• 100% paid medical, dental and vision premiums for you and your qualifying dependents
• A 50% 401(k) match, up to the IRS maximum
• 20 days of PTO, plus 10 paid holidays
• Family Support programs including 8 week Paid Primary Caregiver Leave, fertility, family forming, and hormonal health assistance and back-up child, adult, and elder care
• $10,000 fertility, hormonal health and family-forming benefit
• Opportunity to participate in our hybrid work from home program. This program is subject to change. Based on tenure and performance eligibility, you will have the opportunity to work from home up to 75days per year