Function/Overview: 
Manage a team responsible for the HBUS and HBIO information security risk assessment framework.  Develop and execute plans for the proper assessment of risks for components of the Information Security Program including documentation development and update to substantiate program and activities board reporting to satisfy GLBA requirements. 
Duties and Responsibilities: 
-  Lead development of and manage staff responsible for a comprehensive information security risk assessment framework for HBUS and HBIO.  
-  Develop and execute plans for the proper assessment of risks for components of the Information Security Program including documentation development and update to substantiate program and activities board reporting to satisfy GLBA requirements.  
-  Educate those responsible and accountable for framework components.  
-  Develop and execute schedules for routine updates to ensure timely knowledge of, remediation of and, where necessary, escalation/notification of risks.
- Work with and support adherence to regulatory and compliance issues/concerns by ensuring topics are addressed properly.
- Identify opportunities to create new/update existing information security standards as required.
- Participate in other administrative functions in support of Management.
Special Requirements/Comments: 
- Will be required to travel 20-40% of the time. 
-  Provides after-hour and weekend support as required.
Experience/Requirements:
- Strong working knowledge of ISO 17799, FFIEC guidance on information security and the Gramm-Leach-Bliley Act.
-  Strong working knowledge of risk assessment and management processes.
-  Knowledge and experience in development of board level reporting.  
-  Experience interacting with Compliance, Internal Audit, External Audit and Regulatory teams. 
- A Bachelor's degree in business, risk management, management information systems, related technical field or equivalent professional level of knowledge and experience. 
- Eight to ten years of progressive technology, security and/or risk management experience.
- Minimum 3 years information security and management experience.
- Strong demonstrated understanding of security principles, policies, and industry best practices. Security certification and/or project management certification is a plus. 
- Excellent written communication skills using Word, Excel and PowerPoint.
- Excellent verbal communication and presentation skills. 
- Strong project management, communications, technical planning, people and team management skills, particularly with project and cross-functional teams.
- Demonstrated ability to think quickly and take risks commensurate with responsibility. 
- Ability to work with all levels of management and technical support to further the goals of the department. 
- Expertise in negotiation skills, active listening, and building relationships. 
- Experience working in a high-pressure environment. 
- Ability to translate directions into actionable plans delivered on time and within budget. 
- Ability to learn quickly and implement new technologies in a rapid, demanding, and changing environment, establishing realistic yet aggressive timeframes. 
- Ability to feel comfortable working with unproven/challenging new concepts. Desire to learn new and different approaches. 
- Must possess a "can do" attitude, positive thinker.

To apply to this job, go to http://www.GadBall.com