Saturday, April 02, 2016

Director Cyber Risk Compliance Dow Jones New York

Job Description:
Reporting to the CISO, this position will help set and execute the cybersecurity strategy for Dow Jones & Company. Responsible for engaging the business and focusing cybersecurity investments toward the areas of greatest concern.
Responsibilities

Cyber Strategy, Governance, Risk Management & Compliance

Engage leaders from Technology and the business to understand and prioritize cybersecurity risks through formal risk assessments

Build and institute a cyber risk management program to focus cybersecurity investments with guidance from the Cybersecurity Steering Committee

Maintain a security strategy that incorporates business and technology objectives and outputs from risk assessments

Develop and maintain roadmaps and budgets

Create tools for regular reporting of the security program, activities and progress across all areas including Secure Design & Architecture and Security Operations

Build processes and tools to provide the business visibility of cybersecurity risks and drive accountability

Assist in development and maintenance of policies, standards, processes, and procedures to assess, monitor, report, escalate and remediate risk and compliance issues

Educate and advise technology and business executives as needed on technology risk and compliance issues as well as appropriate mitigation strategies and approaches related to security and risk management

Responsible for managing the compliance program which currently includes SOX & PCI

Build a cyber security aware culture by developing and launching a creative and engaging awareness program

Mature and formalize a third party risk program

Work to identify and cultivate strong relationships with members of the organization outside of Technology

Maintain and spread awareness of trends in the threat landscape

Serve as the primary point of contact for cybersecurity maturity reviews performed by clients

Lead and manage members of the Risk & Compliance team, including recruitment, supervision, scheduling, development, evaluation, and disciplinary actions

Liaise with other departments to integrate security into key organizational processes

Skills & Experience

Professional certification in information security (for example, CISSP, CISM or CISA) required

Minimum six (6) years of information security experience in increasingly responsible roles required

Must have well-developed change management skills; be effective in working across organizational boundaries to build a case for changes, and to execute on the change plan - from strategy through to ongoing operation and process improvement

Experienced in, and able to formulate, the cost-effectiveness and benefit of security initiatives in the context of overall business risk mitigation and the company's operational objectives

Must possess great oral and written communication skills

Demonstrated knowledge of recognized security industry standards and leading practices (e.g., PCI, OWASP, NIST, DISA, CIS)

Demonstrated understanding of technological trends and developments in the areas of information security, risk management, web architectures and cloud computing

Experience managing a small team
