This position coordinates all activities of personnel engaged in and responsible for the creation, implementation, and execution of strategies and programs designed to reduce and mitigate information security risk across the enterprise. The role supports enterprise-wide information security and assurance function, ensuring that confidentiality, integrity, and availability requirements of information systems and assets are identified and managed appropriately.
Essential Duties and Responsibilities:
Responsible for identifying risks through a practical but comprehensive evaluation process.
Responsible for improving the content, quality and timing of governance, risk and compliance analysis and reporting.
Responsible for implementation of a proactive approach to risk management.
Accountable to control the growth of governance, risk and compliance-related expenses.
Responsible to direct and establish a timely and consistent approach to assess and improve compliance programs across the business.
Responsible for establishing an enterprise-wide view of gaps and improve risk response strategies.
Responsible for streamlining compliance programs across the enterprise to gain efficiencies and improve effectiveness.
Responsible for establishing consistent policies and standards across the enterprise to enforce ownership and accountability.
Leverages technology to aggregate controls, risk and compliance information to rapidly identify and report exceptions.
Responsible for conducting Operational Risk Assessments and Compliance Reviews.
Responsible for conducting and directing ERM assessments.
Conducts business unit self-assessments and reporting package development.
Responsible for strategy, operations and management in several functional areas in order to have a broad understanding of risk and compliance management.
Provides vision, leadership, planning, project coordination and management for the development of a cost-effective department while concurrently facilitating efficient operations to meet current and future business needs within the organization.
Represents company in community and industry, programs and conferences.
Upon request, functions as the department head in the absence of the executive leader.
Participates in the development of programs as a strategic partner that supports the company plan.
Participates in development of annual departmental budget, monitor budget and identify budget discrepancies. Researches cause and make recommendations.
EDUCATION AND EXPERIENCE:
Bachelor's degree in computer science or related field. Relevant combination of education and experience may be considered in lieu of degree.
7 years of experience leading information risk, security and governance teams, transforming functions and changing culture.
Experience with leading the response to incidents, crises, and investigations with sensitivity, tenacity, and a focus on detail.
Extensive experience in information security architecture, consultative stakeholder management, and strategic planning.
Experience with classified networks, information classification, and confidentiality requirements associated with high security environments.
Demonstrated experience in information security program management required. HITRUST experience desired.
QUALIFICATIONS
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
OTHER SKILLS AND ABILITIES:
Ability to utilize industry standards and best practices to assess, advise, design, and/or recommend complex, enterprise-wide, regulatory compliance, risk management, and/or internal audit organization structures, policies and procedures, methodologies, toolkits, and templates.
Ability to perform the following as it relates to Governance, Risk Management, and Compliance strategy, organization, policy and governance: program evaluation, risk assessment, controls identification and testing, state/federal regulatory audits, industry specific regulatory compliance (e.g., PCI, HIPAA, HiTrust etc.).
Ability to identify and address client needs: actively participating in client discussions and meetings; managing engagements including preparing concise, accurate documents and balancing project management with the occurrence of unanticipated issues.
Understanding of the enterprise information security architecture discipline, processes, concepts, and best practices.
Demonstrated consultative approach to driving change and deploying controls.
Knowledge of technological trends and developments in the area of information security and risk management.
Knowledge of information security and risk control frameworks as well as business continuity and IT disaster recovery frameworks.
Ability to quickly grasp how new technologies work and how they might be applied to achieve business goals.
Demonstrated ability to work effectively with a team, delivering high performance and customer satisfaction, in a culturally diverse, matrix management environment.
Strong facilitation skills and a clear ability to build strong relationships with business stakeholders at all levels, including executive managers and vendors.
Strong, proven problem-solving skills and the ability to identify, analyze, and resolve problems, driving solutions through to completion.
Ability to work with and empower others on a collaborative basis to ensure success of unit team.
Ability to effectively exchange information, in verbal or written form, by sharing ideas, reporting facts and other information, responding to questions and employing active listening techniques.
Ability to effectively present budgetary and/or cost information and respond to questions.
SUPERVISORY RESPONSIBILITIES
Directly supervises a varied number of employees in the designated department(s). Carries out supervisory responsibilities in accordance with the organization's policies and applicable laws. Responsibilities include interviewing, hiring and training employees; planning, assigning and directing work; appraising performance; rewarding and disciplining employees; addressing complaints and resolving problems.
ADDITIONAL INFORMATION
The above statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of personnel so classified. This job description does not constitute a contract for employment.
Pay Range - Actual compensation decision relies on the consideration of internal equity, candidate's skills and professional experience, geographic location, market, and other potential factors. It is not standard practice for an offer to be at or near the top of the range, and therefore a reasonable estimate for this role is between $102,400 and $171,500
We are an Equal Opportunity Employer. Diversity is valued and we will not tolerate discrimination or harassment in any form. Candidates for the position stated above are hired on an \"at will\" basis. Nothing herein is intended to create a contract.
