Integrated Risk Engineer (FAIR)

Who are we?

Integrated Risk Engineer (FAIR)

Job Description

The Integrated Risk Engineer is a measurement specialist who directly contributes to the operationalizing of risk management processes to enable a continuous and unified view of information risk across the entire enterprise attack surface. This role is tailored for an individual contributor who will work with a group of dedicated risk engineers collectively providing valuable input to the Integrated Risk Program Senior Manager. The individual filling this role is one who demonstrates the ability to deliberately think through complex technical and business issues to solve measurement problems. This individual should be prepared to articulate risk issues regularly and clearly among widespread audiences with varying levels of experience and understanding of risk concepts.

Responsibilities

• As a champion for the promotion of more formal measurement methods to enable better informed strategic, tactical, and operational decision making

• As a leader of scalable initiatives that normalize, implement, and operationalize quantitative risk analysis methods supporting IT organizations, regional business functions, and revenue generating product lines

• As a sponsor of an RMaaS offering providing services that enable risk to be explicitly managed at an acceptable level

• As an analyst incorporating the outside and inside view to estimate risk factors and employ Monte Carlo modelling to accurately forecast risk

• As a designer demonstrating effective risk visualization techniques that allow decision makers to evaluate alternatives in well-designed choice environments

• As a controls expert with the ability to translate the effectiveness of controls to risk in the context of how it directly effects business loss

• As a team member performing quality assurance of your own and fellow analyst output, including the evaluation of data quality, measurement validation, and inspection of results

• As a mature communicator of risk analysis purpose, scope, approach, and results to decision makers and other invested stakeholders

• As an innovator enhancing the measurement of control efficacy and risk-reduction value of security controls

• As a metrics expert developing and operationalizing Key Risk Indicators and Key Performance Indicators that are actively being used to inform decision making

• As a coordinator of data-gathering initiatives to improve the precision of risk modelling and reliability of the results

• As a consultant providing training, advisement, and direct support to partners seeking to implement quantitative methods to measure and manage risk

• As a contributor committed to testing new functionality in our current risk analysis toolset and providing feedback to be utilized in solution development

• As an integral part of the building and adoption of a unified Enterprise Risk Management approach aligning with the three lines model to accelerate risk-based decision making at scale

• As a professional carrying out the processes defined by the Information Risk Management Framework within an automated decision support platform

Qualifications

• 3 or more years of experience as an individual contributor practically using quantitative modeling techniques

• Strong practical application of critical thinking and analytical skills to complex business problems.

• A “fail fast” mindset and strong understanding of the impact of opportunity costs

• Capability to triage and balance multiple tasks and competing priorities

• Extensive practical experience using the Open Group Standards Risk Analysis (O-RA) and Risk Taxonomy (O-RT)

• Advanced security and risk literacy that enables effective communication channels with security teams and business partners

• Experience with one or more of the following controls frameworks, standards organizations, and/or regulations: FAIR-CAM, ISO, NIST CSF, NIST 800-53, PCI-DSS, CUI/CMMC, CIS, SOX

• Prior work experience in any of the following areas: Pentest/Red Teaming, Vulnerability Management, Threat Modelling, IT Audit, Software Development and Security, Network Architecture and Security, Security Operations, Incident Response, Security Architecture and Engineering, Vulnerability Management, Threat Modeling, Third-Party Risk Management, Enterprise Risk Management

• One or more of the following industry-recognized certifications: CRISC, Open FAIR, CRMP, CISSP, CISM, CISA

• An undergraduate degree in the domains of IT, Security, Risk, or Economics

• Experience using security telemetry data to automate the calculation of risk

• Experience quantifying operational and strategic risks outside of IT and Information Security

• Extensive experience with using an automated decision support platform to implement advanced risk management workflows

• Experience generating reports and dashboards to visualize data with PowerBI

• A Graduate degree in the domains of IT, Security, Risk, Psychology, Marketing, or Economics

Equinix is committed to ensuring that our employment process is open to all individuals, including those with a disability. If you are a qualified candidate and need assistance or an accommodation, please let us know by completing this form.

Equinix is an Equal Employment Opportunity and, in the U.S., an Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to unlawful consideration of race, color, religion, creed, national or ethnic origin, ancestry, place of birth, citizenship, sex, pregnancy / childbirth or related medical conditions, sexual orientation, gender identity or expression, marital or domestic partnership status, age, veteran or military status, physical or mental disability, medical condition, genetic information, political / organizational affiliation, status as a victim or family member of a victim of crime or abuse, or any other status protected by applicable law.

The United States targeted pay range for this position in the following location is / locations are: • San Francisco, CA / Bay Area: $128,000 to $211,000 per year • California (Non-SF/Bay Area), Connecticut, Maryland, New York, New Jersey, Washington state: $119,000 to $196,000 per year • Colorado, Nevada, Rhode Island: $108,000 to $178,000 per year Our pay ranges reflect the minimum and maximum target for new hire pay for the full-time position determined by role, level, and location. Individual pay is based on additional factors including job-related skills, experience, and relevant education and/or training. This position may be offered in other locations. Your recruiter can share more about the specific pay range for your preferred location during the hiring process. The targeted pay range listed reflects the base pay only and does not include bonus, equity, or benefits. Employees are eligible for bonus, and equity may be offered depending on the position. As an employee, you become important to Equinix’s success. Details about our company benefits can be found at the following link: USA Benefits eBook

Equinix is committed to ensuring that our employment process is open to all individuals, including those with a disability.  If you are a qualified candidate and need assistance or an accommodation, please let us know by completing this form.