Head, IT Security Program Management and Governance
Major Responsibilities
This management position will lead overall governance for IT security. The oversight will drive development and refinement of IT Security policies and standards in line with Corporate Policies, implementation of appropriate compliance processes and the generation of appropriate dashboard status reporting and communication. Risk based portfolio management and prioritization of IT security initiatives will also be a key responsibility, working closely with the Corporate Security Office to understand business operational risks. This position will lead in the definition of the IT security strategy and ensure tactical approaches are appropriate to these goals.
Principal Accountabilities:
Portfolio Management - Understand operational risks and ensure appropriate initiatives are defined, prioritized and funded. Ensure interdependencies are clear. Coordinate the overall IT security budget.
Apply current knowledge of IT trends and IT systems processes to identify security and risk management issues.
Program and Project Management - Serve as a project champion for all security initiatives, managing resource and scope issues and ensuring quality of final deliverables.
Industry Awareness - Participate in industry initiatives to understand best practices, latest trends, threats, and how others are responding.
Stakeholder Management - Work closely with business, IT, PMO and Corporate Security Office management to define and implement appropriate roles and responsibilities, and to understand threats and responses.
Compliance and Reporting - Develop an effective governance framework and enforcement mechanisms. Develop the means for the IT security strategy to be maintained, measured and communicated. Ensure redundant or missing activities are identified and addressed.
Policy and Standard Development - Review and manage IT policies to map to and enforce Corporate Security policies, identifying gaps and opportunities for improvement. Enhance technical standards and the process for developing, reviewing and approving them.
Resource and Budget Management - Manage direct reporting resources and budget, identifying and addressing staffing needs. Provide direct input to evaluations of dotted line staff.
Centralized Solutions Support - Provide and support centralized tools for data masking, logging, alerting and other security and control needs.
Requirements
Communication
· Excellent verbal and written communication skills.
· Strong understanding of effective stakeholder and change management (organizational and process).
· Ability to collaborate, influence and communicate successfully in different ways to different audiences (i.e., in business terms to business people, in technical terms to technical people).
· Able to develop management-level presentations and dashboards and present them to executive management and large audiences.
· Experience in developing and providing quality assurance for deliverables.
Project Management / Leadership
· Strong project management and client service skills.
· Ability to analyze information and make logical, fact-based and risk-based decisions.
· Ability to manage and work in a matrix reporting environment.
· Excellent leadership and teaming skills in a complex, heterogeneous technical environment.
Salary plus bonus and benefits
Education/Experience
· Understanding and application of financial services and insurance industry regulations around security and privacy including the Gramm-Leach-Bliley Act, Health Insurance Portability and Accountability Act (HIPAA), Fair Credit Reporting Act, SEC Rules 17a-3 and 17a-4, and state security breach disclosure notification laws.
· Understanding and application of information security standards and best practices including ISF Standard of Good Practice, ISO 17799/27001, CoBIT, Common Criteria, NIST publications, OWASP, Center for Internet Security, etc.
· Bachelor's degree or higher, preferably in Computer Science, Engineering, or a related scientific field.
· 10 - 15 years in progressive roles related to security, controls, systems audit and/or technology.
· Background in MIS audits, Sarbanes-Oxley (IT General Controls) a plus.
· Technology background a plus.
· Certification such as CISA, CISSP, or CISM. PMP a plus.
· Work experience with a leading consulting firm a plus.
· Project experience driving process, technology and organizational change - full lifecycle (analysis->post-implementation) a plus.
· Broad understanding of computer security risks, threats and mitigating controls.
· Broad technical understanding of internet/intranet protocols and firewalls, applications and the security issues associated with them.
· Broad technical understanding of network security, operating system security (Mainframe, UNIX, Windows), database security, desktop security, security architecture, access control and the security issues associated with them.
· Broad technical understanding of current programming languages and tools/techniques (Java, C++/C#, J2EE, .NET, SOAP, ODBC/JDBC, etc.) and the security issues associated with them.
To apply for this job, go to http://www.GadBall.com