Saturday, April 02, 2016

Director SaaS Compliance CA Technologies Santa Clara

Job Description:
CA SaaS’s Information Security & Risk Operations Group is seeking a strong and energetic leader to manage the Information Security & Risk Operations function within our Governance, Risk, and Compliance Group. This position will provide oversight and day-to-day management of security-focused services to ensure that information and infrastructure are protected through regular evaluation, validation, and reporting.
The position and its corresponding team will manage the Information Security Risk Framework, regularly review the effectiveness of security controls, develop programs to maintain a comprehensive understanding of the current and future security risks to the organization, and regularly report on these results to the VP of Governance, Risk and Compliance and appropriate governance bodies.

The Director must possess strong analytical, communication, and management skills with knowledge of Information Security best practices and technologies. Understanding the broader landscape of security threats and risks faced in the financial and technology sector is key to ensuring that your team of dedicated and experienced resources is positioned for ongoing success.

Responsibilities:

· Leading a team of risk, analytics, and security professionals to execute CA SaaS’s Information Security, GRC strategy.

· Assist in identifying emerging security risks and vulnerabilities affecting CA SaaS’s environment and developing/communicating appropriate mitigating controls.

· Develops, maintains, and delivers risk evaluation toolsets, processes, and procedures in support of Information Security best practices and Audit, Compliance, and Regulatory obligations.

· Participates in Compliance Monitoring for Security Controls, Policies, and Requirements.

· Establish and provide oversight for self-assessment and readiness programs for Information Security Risk evaluation tools, systems and processes.

· Deliver best practice risk evaluation toolsets for use within all aspects of the Information Security program

· Prepares and delivers monthly and quarterly reporting to senior leadership and executive management

· Leverage the GRC Application environment to support all aspects of this team and function

· Excellent written, oral and presentation skills and an ability to synthesize information and make clear, concise recommendations on course of action

· Proven track record of successfully managing information security risk programs within the payment industry and/or regulatory environment

· Ability to keep pace with demands of business by anticipating problems, proffering appropriate solutions and providing the leadership to effectively implement change

· Self-driven with strong leadership skills, with demonstrated excellence in leading diverse teams in a global environment.

· The ability to set the appropriate tone at the top, motivate staff, foster a positive culture of mutual respect and the highest ethical standards.

· Flexible and creative thinker with strong execution skills, and the ability to provide thought leadership and wield influence beyond areas of direct responsibility

Qualifications:

· 15+ years of work experience in Information Security, Audit, Risk, and/or Compliance and Reporting activities, preferably for financial and/or technology companies.
· Must have 10+ years direct participation and experience across common industry security policy areas, including, but not limited to ISO, NIST, COSO, COBIT, PCI, FFIEC, SOX, SSAE16, and others.
· Subject-matter expertise in information security areas (e.g. access management, data security, vulnerability management)
· 10+ years’ experience providing information security or information technology consulting services to a broad range of companies and/or federal and state agencies.
· Solid understanding of Enterprise Risk Management and Strategy frameworks as well as understanding of current enterprise threat scenarios as related to the financial industry.
· Superior analytical and problem solving skills.
· Demonstrated ability to manage implementations of large-scale, complex, multi-disciplined, cross-functional and highly visible projects/programs.
· Bachelor's degree in Business, Information Systems Management (or related field) or equivalent work experience in the Technology/Security space.
· Proven experience working with multiple individuals on internal and external delivery and communication initiatives.
· Ability to synthesize a variety of data points into comprehensive and effective reporting.
· Strong executive presence and communication skills – experience in Audit/Compliance/Regulatory discussions and proactive readiness activities with internal partners and external customers/clients.
· Experienced at presenting information to all levels, with ability to communicate and facilitate group discussions and debate across geographic, functional lines and levels.
· Delivers effective and strong documentation to support compliance and certification audits.
· Must be extremely flexible and able to manage multiple tasks and priorities on very tight deadlines – Ability to prioritize deliverables and projects to meet timelines efficiently, to adapt to changes in priorities quickly
· CISSP, CISA Certifications preferred
· Big 4 or Fortune 500 experience is a plus

Nice to Have:

· Practical experience managing multiple large-scale compliance/audit projects simultaneously, strong internal consulting, customer account management, and defining engagement scope, negotiating commitments, gathering requirements, defining deliverables, designing integrated solutions, and overseeing technical implementations considered a plus
· Big Four consulting experience considered a plus (EY, PwC, KPMG and Deloitte)
· Proven experience proposing enterprise level solutions to mitigate risk

Pass it on for a referral bonus. Not the right role for you, but know someone we should meet? Share it with them to earn a $1,000 referral bonus.