IT Governance Director


Directs the overall Information Security Assessment and Governance activities. Coordinates work with internal and external resources and agencies to ensure IT assessments are completed and reviewed with all appropriate stakeholders, issues are tracked, and agreed resolution plans are tracked to completion.

Coordinate to implement and manage the necessary tools, services, and reporting to properly accomplish the requirements of the work. Provide regular status reporting and scorecards to management.

Responsible for coordinating regular testing of security controls and other IT controls with approved frameworks (e.g. NIST CSF), to ensure digital asset protection is aligned with firm business goals.

Ensure data center disaster recovery planning is regularly tested to meet/exceed the stated RPO/RTO objectives of the firm.

Essential Duties:

  • Work with internal resources to coordinate regular controls testing activities and consolidate reporting. Develop reactive and proactive plans to appropriately respond to identified issues and gaps.
  • Establish projects/investments to continuously improve and optimize the assessments and overall security program.
  • Work with appropriate internal representatives, including the National Office of Risk Management, General Counsel, and regulatory personnel to ensure compliance in responding to and reporting on audit requests.
  • Work with internal and external resources to coordinate SOC 2 controls testing, closure activities, and reports.
  • Work with the National Office of Risk Management to coordinate and standardize Security and other IT responses to client inquiries.
  • Propose changes to existing policies and procedures, systems, and practices to ensure security and IT controls are efficiently working as designed to ensure the protection of intellectual property, client data, and electronic assets.
  • Work with the appropriate functional areas and lines of business representatives to ensure the Information Security roadmaps are focused on the largest risks and align with existing and planned technology roadmaps.
  • Other duties as assigned

Required Qualifications:

  • Bachelor of Science or equivalent experience in an information security/technology SOC/CIRT leadership role
  • CISA Certification
  • Strong project management skills and experience in creating and managing project plans, including budgeting, resource allocation and progress reporting
  • 7+ years, progressive experience in a technology security or security assessment role.
  • Experience working with legal, risk, audit and compliance staff.
  • Experience developing and maintaining policies, procedures, standards and guidelines
  • Practical knowledge and understanding of NIST principles, including CSF.
  • Experience or knowledge of common information security management frameworks (e.g. NIST CSF, ISO 2700x, ITIL, COBIT, PCI)
  • Experience or knowledge of common data privacy laws and regulations (e.g. HIPAA/HITECH, EU GDPR, GLBA)
  • Strong leadership skills and the ability to work effectively with business managers, IT engineering and IT operations staff.
  • Ability to break down technically complex and ambiguous concepts and rationalize into simple concepts and ideas.
  • Ability to build strong relationships across lines of business, functional areas, and outside vendors.
  • Ability to understand and articulate business imperatives as well as the business impact of security tools, technologies and policies.
  • Excellent verbal, written and interpersonal communication skills, including the ability to communicate effectively with the IT organization, project and application development teams, management and business personnel.
  • In-depth knowledge and understanding of information risk concepts and principles as a means of relating business needs to security controls.
  • An excellent understanding of information security concepts, protocols, industry best practices and strategies.

Preferred Qualifications:

  • CISSP
  • CIPP

You want your next step to be the right one. You've worked hard to get where you are today. And now you're ready to use your unique skills, talents and personality to achieve great things. RSM is a place where you are valued as an individual, mentored as a future leader, and recognized for your accomplishments and potential. Working directly with clients, key decision makers and business owners across various industries and geographies, you'll move quickly along the learning curve and our clients will benefit from your fresh perspective.

Experience RSM US. Experience the power of being understood.

RSM is an equal opportunity/affirmative action employer. Minorities/Females/Disabled/Veterans.
Job ID req3708
Line of Business: Internal Client Service
SubFunction: IT
Job Type: Full Time
Req #: req3708
Location: 801 Nicollet Mall, 11th Floor - West Tower, Minneapolis, MN US
Region: National
Job Category: Corporate Information Technology
Employment Type: Experienced
Degree Required: Bachelor
Travel: Yes