Principal Analyst, Cyber Risk Management T-Mobile USA
Bellevue, WA

Job Description

Check out this role within T-Mobile's Digital Security Organization (DSO): Principal Analyst - Cyber Risk Management!

The right candidate for this Principal Analyst role is a senior information security leader who oversees enterprise information security Governance, Risk and Conformance (GRC) functions. You will be an integral part of the development, vision, road map and project plans for the GRC function, implementing them and driving them to fruition.

The individual in this role will work closely with both the Sr Manager and Director of Cyber Risk to develop and lead the Cyber Risk team and function. This includes frameworks, processes, policies, and documentation. The Cyber Risk team focuses on tracking, managing, and driving the remediation of various cyber risks that are discovered. This role reports directly to the Director of Cyber Risk.As America's Un-carrier, T-Mobile USA, Inc. (NASDAQ: "TMUS") is redefining the way consumers and businesses buy wireless services through leading product and service innovation. The company's advanced nationwide 4G and 4G LTE network delivers outstanding wireless experiences for customers who are unwilling to compromise on quality and value. Based in Bellevue, Washington, T-Mobile USA. Inc. provides services through its subsidiaries and operates its flagship brands, T-Mobile and Metro by T-Mobile. For more information, please visit http://www.t-mobile.comMinimum Requirements:

* Over 7+ years' experience in a dedicated information security role with 8 or more years in a large enterprise
* 4+ years leading information security governance and risk activities
* Leadership experience within an information security organization, in the telecommunication industry
* BS in Computer Science or equivalent experience, Masters a plus
* CISSP, CISA, CISM, or other security management related certification a plus

Other Qualifications:

* Extensive experience leading and executing cyber security risk assessment activities for large enterprises
* Experience designing, implementing, and managing cyber security risk management programs.
* Extensive knowledge of enterprise cyber security management practices, governance, risk and conformance assessment methodologies, and the selection of each according to business objectives
* Exceptional understanding of mitigating controls at the process, systems, network, application, and data level
* Knowledge of critical infrastructure and national telecommunication carrier security issues and requirements
* Experience translating complex and ambiguous problems into understandable components and actionable plans
* Knowledge of regulatory and contractual requirements and best practices such as NIST 800-53, NIST-CSF, SOX, PCI-DSS, CFR 42 (HIPAA), ITIL, etc.
* Excellent communication, presentation and relationship skills, especially the ability to articulate advanced technical topics and build consensus among business and technical constituents
* Strong leadership and mentoring skills
* Self-driven and motivated with excellent organization, administrative, interpersonal skills and project management
* Digital Security
* Working with technology teams and business teams to validate and score cyber risk issues
* Develop remediation plans that can be understood by both technical and non-technical resources
* Managing remediation projects to completion
* Reporting on ongoing status of remediation with all concerned parties
* Conduct meetings and sessions with teams to discuss status, remediation plan, and reporting
* Partner closely with teams to score risks, develop remediation, and manage remediation to closure
* Develop processes and framework for the Cyber Risk team
* Provide proactive guidance to technology teams regarding the changing security, risk, and compliance landscape
* Drive and execute the enterprise Cyber Risk program via the GRC tool
* Evaluate and report to all levels of management on the Cyber Risk program
* Mature the GRC tool capabilities to deliver accurate and real reporting to all levels of management across T-Mobile
* Support, train and provide consultative services to a network of privacy individuals across the enterprise to evangelize the Cyber Risk Program
* Trains and mentors senior security analysts within DSO and across other technology teams
* Assist the DSO Sr. Manager, Cyber Risk in appropriately managing the resource allocation and forecasting tools to ensure effective use of all resources
* Determining and securing the resources and materials needed to perform the work of the unit
* Interviewing, selecting and training employees
* Exercises discretion and judgment in defining information security risk strategy, in mentoring and training personnel, and when working with business and technology counterparts