Senior Lead Information Security Engineer - Risk Management at Lumen
United States, North Carolina, USA
Full Time


Start Date

Immediate

Expiry Date

08 Sep, 25

Salary

190137.0

Posted On

08 Jun, 25

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Good communication skills

Industry

Financial Services

Description

ABOUT LUMEN

Lumen connects the world. We are igniting business growth by connecting people, data and applications – quickly, securely, and effortlessly. Together, we are building a culture and company from the people up – committed to teamwork, trust and transparency. People power progress.
We’re looking for top-tier talent and offer the flexibility you need to thrive and deliver lasting impact. Join us as we digitally connect the world and shape the future.

Responsibilities

THE ROLE

Lumen is looking for an experienced risk professional to further develop and drive our risk management capabilities, focused on enabling the business to make risk-informed decisions. Reporting to the Senior Director Security and Risk Management, the Sr. Lead Security Engineer will be responsible for leading the maturing of our risk management framework, policy and standard for cyber risk management. The successful candidate will also perform product- and business-level risk assessments and manage metrics and reporting to support the business in making risk-informed decisions.
This risk professional will work closely with risk owners and leaders in the line of business, security, privacy, compliance, technology, and internal audit. The position requires strong skills and experience in the following areas: leadership, risk management, verbal and written communication, problem solving, experience driving organizational change, and interpersonal skills.

THE MAIN RESPONSIBILITIES

  • Engage stakeholders and risk owners to improve Lumen’s risk culture and drive risk-informed discussions.
  • Develop and manage the risk management framework, policies, and standards, and provide risk reporting and oversight.
  • Map and perform control testing to assure control compliance.
  • Conduct periodic risk assessments to ensure that legal, regulatory, and audit requirements are met. Perform risk analytics and reporting to identify potential patterns and trends, as well as target areas for proactive, focused deep-dive assessments.
  • Plan and review annually the risks influencing the effectiveness of information security, privacy, and information security risk management.
  • Manage and support an enterprise-wide GRC platform and automation process to standardize the risk assessment process.
  • Promote and oversee strategic security relationships between internal resources and external entities, including government, vendors, and partner organizations.
  • Provide advisory services to other parts of the business to assist in the prioritization and remediation of open risk items.
  • Maintain and enforce the Security exception process; track progress and the completion of remediation plans.
  • Contribute to the development of metrics, key risk indicators and key performance indicators to assess and report on inherent risks, control strength and residual risk in a consistent and objective manner.
  • Coordinate and support security audits and assessments to evaluate policy compliance and existing defenses and to identify vulnerabilities.