Directs the overall Information Security Assessment and Governance activities. Coordinates work with internal and external resources and agencies to ensure IT assessments are completed and reviewed with all appropriate stakeholders, issues are tracked, and agreed resolution plans are tracked to completion.
Coordinate to implement and manage the necessary tools, services, and reporting to properly accomplish the requirements of the work. Provide regular status reporting and scorecards to management.
Responsible for coordinating regular testing of security controls and other IT controls against approved frameworks (e.g. NIST CSF), to ensure digital asset protection is aligned with firm business goals.
Ensure data center disaster recovery planning is regularly tested to meet/exceed the stated RPO/RTO objectives of the firm.
Work with internal resources to coordinate regular controls testing activities and consolidate reporting. Develop reactive and proactive plans to appropriately respond to identified issues and gaps.
Establish projects/investments to continuously improve and optimize the assessments and overall security program.
Work with appropriate internal representatives, including the National Office of Risk Management, General Counsel, and regulatory personnel to ensure compliance in responding to and reporting on audit requests.
Work with internal and external resources to coordinate SOC 2 controls testing, closure activities, and reports.
Work with the National Office of Risk Management to coordinate and standardize Security and other IT responses to client inquiries.
Propose changes to existing policies and procedures, systems, and practices to ensure security and IT controls are efficiently working as designed to ensure the protection of intellectual property, client data, and electronic assets.
Work with the appropriate functional areas and lines of business representatives to ensure the Information Security roadmaps are focused on the largest risks and align with existing and planned technology roadmaps.
Other duties as assigned
Bachelor of Science or equivalent experience in an information security/technology SOC/CIRT leadership role
Strong project management skills and experience in creating and managing project plans, including budgeting and resource allocation and progress reporting
7+ years, progressive experience in a technology security or security assessment role.
Experience working with legal, risk, audit and compliance staff.
Experience developing and maintaining policies, procedures, standards and guidelines
Practical knowledge and understanding of NIST principles, including CSF.
Experience or knowledge of common information security management frameworks (e.g. NIST CSF, ISO 2700x, ITIL, COBIT, PCI)
Experience or knowledge of common data privacy laws and regulations (e.g. HIPAA/HITECH, EU GDPR, GLBA)
Strong leadership skills and the ability to work effectively with business managers, IT engineering and IT operations staff.
Ability to break down technically complex and ambiguous concepts and rationalize into simple concepts and ideas.
Ability to build strong relationships across lines of business, functional areas, and outside vendors.
Ability to understand and articulate business imperatives as well as the business impact of security tools, technologies and policies.
Excellent verbal, written and interpersonal communication skills, including the ability to communicate effectively with the IT organization, project and application development teams, management and business personnel; in-depth knowledge and understanding of information risk concepts and principles as a means of relating business needs to security controls; an excellent understanding of information security concepts, protocols, industry best practices and strategies.
Job ID req3708_Davenport
Line of Business: Internal Client Service
Job Type: Full Time
Req #: req3708_Davenport
Location: 331 W. 3rd St, Suite 200, Davenport, IA 52801 US