We are currently seeking a Senior Director, IT Security Governance, Risk and Compliance. In this position, you will be responsible for identifying, analyzing, and influencing the management of information risks across the organization. The role covers technology risk management, IT governance, IT compliance, and overall risk management across the organization. It includes leading the Security Business Liaisons so that they partner effectively with internal and external groups and report risk at multiple levels. Driving controls mapping, risk alignment and analytics, and meeting governance and compliance criteria are all part of this leadership role.
Key Accountabilities:
- Building and maintaining information security policies, procedures and processes, and ensuring they are reviewed and kept current on a regular basis.
- Establishing a Create-Communicate-Execute process for all policies and working with the relevant departments (e.g. Corporate Communications) toward that goal.
- Participating in customer, partner and vendor risk assessments and communicating the results to information security "customers," i.e. business partners.
- Building and leading the organization's InfoSec security awareness and training program.
- Directly communicating information security awareness, updates, best practices, etc. to all employees, contractors and other staff.
- Building out and executing a risk management strategy with roadmap deliverables, maturity modeling, risk register/catalog development, and security and risk metrics.
- Developing, building and maintaining a common controls framework that maps to NIST CSF, HIPAA, privacy regulations, and other local, state and Federal regulations.
- Providing reporting and metrics on the alignment of controls to risks, and showing maturity models against them.
- Interfacing with the Privacy Office and team to identify and address cyber risks to the organization, partners, customers, etc.
- Leading the Business Unit Liaison team to provide consultative advice that enables informed, risk-based management decisions.
- Maintaining strong working relationships with the individuals and groups involved in managing information risks across the organization.
- Performing focused risk assessments and communicating them to information security "customers," i.e. business partners.
- Identifying and implementing appropriate controls to effectively manage information risks as needed.
- Identifying opportunities to improve risk posture, developing solutions for remediating or mitigating risks, and assessing the residual risk.
KEY ACCOUNTABILITIES (Percentage of Time)
- 20% - Building out and executing upon a risk management strategy
- 20% - Building and maintaining information security policies, procedures and processes
- 10% - Developing, building and maintaining a common controls framework
- 10% - Interfacing with Privacy Office and team to identify and address cyber risks
- 20% - Leading the Business Unit Liaison team to provide consultative advice that enables making informed, risk-based management decisions
- 20% - Identifying opportunities to improve risk posture
TOTAL = 100%
SUPERVISORY RESPONSIBILITIES
DIRECT REPORTS: 3
INDIRECT REPORTS: 0
EDUCATION AND EXPERIENCE
MINIMUM REQUIREMENTS
- Bachelor's degree required; Master's degree in computer science or a similar field preferred.
- 7+ years of information security experience required.
- One or more of the following certifications is required: CISSP, CRISC, CHP, CHSE, GSEC, CISM/CISA, ITIL, and/or another related information security certification.
- A solid understanding of governance, risk and compliance required.
- Strong presentation, verbal and written communication skills, with the ability to articulate complex ideas in easy-to-understand business terms to all levels of management, including senior leaders, required.
- Knowledge of and experience with privacy and security law issues, particularly HIPAA, required.
- Knowledge of information risk management governance, policies and libraries, analytics and reporting, and issue management required.
- Experience working with current and emerging information security technologies and development methodologies required.
PREFERRED
- Strong collaboration skills, including the ability to lead cross-functional teams and build consensus.
- Strong business acumen.
- Understanding of the relevant industry best practices and frameworks (e.g., NIST, HIPAA, HITRUST, ISO, COBIT, OWASP, ITIL).
- Working knowledge of the MS Office suite of applications and tools, including Microsoft Word, Excel, PowerPoint, Project and Outlook.