Technology Risk Lead jobs in United States

First Quality · 2 weeks ago

Technology Risk Lead

First Quality is committed to safeguarding their information assets through a robust Information Security Program. The Technology Risk Lead will be responsible for developing and delivering this program, focusing on risk management, compliance, and security awareness initiatives across the organization.

Consumer · Health Care · Information Services · Manufacturing · Retail
H1B Sponsor Likely
Hiring Manager
Adam Rubenstein

Responsibilities

Perform technology risk assessments and control assessments to ensure systems and applications (on-prem and in the cloud) are complying with First Quality policies, applicable regulatory and legal requirements, and leading industry frameworks and practices
Assist with the Cyber Business Impact Analysis (CBIAs) process to determine the overall confidentiality, integrity, and criticality of all systems and platforms
Mature the Information Security Risk Management Program by managing the IS risk register and ensuring appropriate risk management strategies are in place and followed up on
Meet with business stakeholders to quantify risks across the organization and maintain the top board level security risks
Develop and drive the implementation of security best practices and standards to mature the overall IS Risk Management Program which includes defining security system and application standards of control
Provide GRC advisory services to the business (technical and non-technical) to ensure Information Security standards are implemented and appropriate risk mitigation strategies are implemented
Work with the Manager of Information Security Governance, Risk, Compliance and Strategy as well as senior leadership to determine the acceptable level of risk for enterprise computing platforms
Liaise with key functional teams such as HR, IT, Digital Marketing, Finance, Internal Audit, Enterprise Risk, Quality, Office of General Counsel, and the Business to identify new applications and service providers in use and the associated security controls necessary to secure the data
Investigate incidents and events that include potential HIPAA and other data breaches, data leakage, brand reputational risks, malware propagation, system compromises, etc.
Assist with operationalizing the Data Loss Prevention (DLP) Program by reviewing and enhancing security technologies, configurations, and policy alerts from systems such as MS Purview and Compliance Center, CrowdStrike, Palo Alto, Netskope, etc.
Establish and maintain Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) for the Data Governance Security Program and initiatives
Oversee the enterprise wide IS Security Awareness Program which includes phishing simulations, computer-based training, proactive communications on latest threats, workshops, and newsletters
Promote a security mindset through enterprise and functional team specific presentations and initiatives
Work with the Office of General Counsel and both the Director and Manager of Information Security Governance, Risk, Compliance and Strategy to ensure the Information Security team stays abreast of new regulatory, legal and/or compliance security and privacy requirements to comply with
Ensure compliance with HIPAA and applicable legal and regulatory requirements

Qualification

Information Security Risk Management · Security Certifications · Security Frameworks Knowledge · Technical Risk Assessment · Data Governance · GRC Tools Experience · Cloud Security · Self-management · Communication Skills · Detail Oriented · Team Collaboration

Required

B.S. in a technology discipline (Computer Science, Information Management, Computer Engineering, Cybersecurity or equivalent); Security certifications such as CompTIA Security+, CISSP, CISA, CCNA or equivalent or working towards certification is preferred
6+ years' experience working directly in an Information Security or Information Technology department with experience in developing testing security frameworks for compliance
Hands-on experience with assessing security configurations in Windows/Mac/Linux environments, Azure and other cloud environments, SQL and Oracle databases
Strong knowledge & understanding of endpoint, server, network design and topologies
Strong understanding of a 'hacker's' mentality
Excellent written and oral communications skills; ability to lead discussions, present complex ideas to audiences of all sizes, and interact with all levels of the organization
Ability to self-manage, work independently with little direction and/or supervision but also work collaboratively in a team environment
Working knowledge of the following frameworks and regulations: ISO 27001/2, NIST 800-53, NIST CSF, CIS Benchmarks, ISF Standard of Good Practice, HIPAA Privacy Rule and Security Rule, MITRE ATT&CK framework
Ability to prioritize and multitask and a work approach that supports flexibility and adaptability is paramount
Detail oriented and ability to think outside of the box to propose solutions to risks
Ability to communicate security risks to non-technical business stakeholders

Preferred

Security certifications such as CompTIA Security+, CISSP, CISA, CCNA or equivalent or working towards certification is preferred
Experience with Netskope, Azure Purview, OneTrust or similar GRC tools is a plus
Experience with Operational Technology (OT) environments and securing manufacturing devices a plus

Company

First Quality

Manufacturing Adult Incontinence Products, Feminine Hygiene Products, Baby Wipes, Adult Washcloths, and Consumer Paper Products.

H1B Sponsorship

First Quality has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data Powered by US Department of Labor)
Trends of Total Sponsorships
2025 (4)
2024 (6)
2023 (1)
2022 (2)
2021 (1)
2020 (3)

Funding

Current Stage
Late Stage

Leadership Team

Mike Janiak
Chief Information Officer
Company data provided by Crunchbase