This position coordinates activities for the creation, implementation, and execution of strategies and programs designed to reduce and mitigate information security risk across the enterprise. The role supports the enterprise-wide information security and assurance function, ensuring that the confidentiality, integrity, and availability requirements of information systems and assets are identified and managed appropriately, in accordance with organization policies, standards, and processes and with business needs.

* Responsible for identifying risks through a practical but comprehensive evaluation process.
* Responsible for assisting in the implementation of a proactive approach to risk management.
* Responsible for the analysis, enforcement, and reporting of governance, risk, and compliance in alignment with applicable industry frameworks, policies, standards, and processes.
* Conduct, analyze, and improve vulnerability scanning across the enterprise.
* Provide assessment reports and metrics outlining the overall cybersecurity posture of the organization, recommending viable remediation actions and milestones.
* Assists in engagements involving Operational Risk and ERM, with an emphasis on helping businesses assess and improve their risk management processes and program.
* Supports vision, leadership, planning, project coordination, and management for the development of a cost-effective department while facilitating efficient operations to meet the organization's current and future business needs.
* Participates in the development of programs as a strategic partner supporting the company plan.
* Conducts business unit self-assessments and develops reporting packages.
* Supports establishing consistent policies and standards across the enterprise to enforce ownership and accountability.
* Leverages technology to aggregate controls, risk, and compliance information to rapidly identify and report exceptions.
* Validate the efficacy, sustainability, and implementation of existing controls.
* Promote and raise awareness of cybersecurity programs and posture, driving change and influencing proper cybersecurity hygiene within the organization.
* Communicate technological and cybersecurity concerns to relevant business entities.
* Maintain in-depth awareness of current cybersecurity trends and technology.
* Create, disseminate, and/or amend procedural and technical documentation on an as-needed basis.
* Represents the company in community and industry programs and conferences.
* Responsible for balancing workload to optimize the effectiveness of the department.

EDUCATION
* Bachelor's degree in computer science or a related field required.
* A relevant combination of education and experience may be considered in lieu of a degree.
* Continuous learning, as defined by the Company's learning philosophy, is required.
* Certification or progress toward certification is required.

EXPERIENCE
* 5 years of experience in information risk, security, and governance, transforming functions and changing culture.
* Experience responding to incidents, crises, and investigations with sensitivity, tenacity, and a focus on detail.
* Extensive experience in information security architecture, process management, and strategic planning.
* Experience with classified networks, information classification, and the confidentiality requirements associated with high-security environments desired.
* HITRUST experience preferred.

QUALIFICATIONS
* Ability to perform the following as it relates to Governance, Risk Management, and Compliance strategy, organization, policy, and governance: program evaluation, risk assessment, controls identification and testing, state/federal regulatory audits, and industry-specific regulatory compliance (e.g., PCI, HIPAA, HITRUST).
* Ability to use industry standards and best practices to assess, advise on, design, and/or recommend complex, enterprise-wide regulatory compliance, risk management, and/or internal audit organization structures, policies and procedures, methodologies, toolkits, and templates.
* Ability to identify and address client needs: actively participating in client discussions and meetings and providing insightful, meaningful recommendations when unanticipated issues arise.
* Ability to articulate technological and cybersecurity concerns to relevant business entities.
* Basic understanding of cybersecurity frameworks along with the hardware and software they are designed to protect.
* Understanding of the enterprise information security architecture discipline, its processes, concepts, and best practices.
* Demonstrated consultative approach to driving change and deploying controls.
* Knowledge of technological trends and developments in information security and risk management.
* Knowledge of information security and risk control frameworks as well as business continuity and IT disaster recovery frameworks.
* Ability to quickly grasp how new technologies work and how they might be applied to achieve business goals.
* Demonstrated ability to work effectively with a team, delivering high performance and customer satisfaction in a culturally diverse, matrix management environment.
* Strong facilitation skills and a clear ability to build strong relationships with business stakeholders at all levels, including managers and vendors.
* Strong, proven problem-solving skills and the ability to identify, analyze, and resolve problems, driving solutions through to completion.
* Ability to work with and empower others on a collaborative basis to ensure the success of the unit team.
* Ability to effectively exchange information, in verbal or written form, by sharing ideas, reporting facts and other information, responding to questions, and employing active listening techniques.

WORKING CONDITIONS: Work is performed in an office setting with no unusual hazards. Some travel is required.

PAY RANGE: The actual compensation decision relies on the consideration of internal equity, the candidate's skills and professional experience, geographic location, market, and other potential factors. It is not standard practice for an offer to be at or near the top of the range, and therefore a reasonable estimate for this role is between $63,300 and $143,600.