Job ID: CJT20171509-37540 Description:
Are you a passionate, experienced, information security leader who enjoys impacting the business through the implementation of sound risk management and compliance activities? Become a member of the College Board’s Risk Management Division (RMD) as a Director in the Information Security Governance Risk and Compliance (ISGRC) department.
The ISGRC team helps support the College Board by maintaining and enforcing security policies and standards throughout the enterprise. All information security awareness and training, security governance, risk management, and compliance activities (e.g. ISO 27001, PCI-DSS, SOC, and HIPAA) are run by the ISGRC function.
The Director, Business Continuity Planning role is to successfully plan, train, and prepare staff for the enterprise’s recovery in the event of catastrophic disaster. In this role, you will build partnerships with the Information Technology and Operations teams to successfully achieve GRC related goals and objectives. The role requires regular interaction with the Information Security Office (ISO) and other business departments so previous experience in a cross functional recovery team with strong business acumen is a must.
This is a hands-on role where the Director must work with a combination of executives, technical, and non-technical staff to:
1. Assess the current recovery capabilities within the enterprise
2. Build the business continuity function in partnership with business leaders and other stakeholders within the College Board
3. Manage, oversee, and guide business impact assessments and planning activities
4. Lead key recovery and restoration initiatives
5. Drive transformational initiatives to modernize and enhance security across a host of domains, including cloud-based services.
6. Achieve a robust BCP, COOP, DR and Contingency Planning capability
A successful candidate will have a solid understanding of Business Continuity Planning (BCP) activities including their relationship and overlap with Continuity of Operations planning, Disaster Recovery planning, and IT related Contingency Planning. The ideal candidate will have excellent project management skills and a demonstrated ability to run multiple, large initiatives simultaneously, and will be a superb manager who achieves results while maintaining a high velocity of activity across the business continuity program. The ideal candidate will be experienced with agile development methodologies and able to drive agile processes throughout the risk management team.
- Leads the College Board’s business continuity program in partnership with business stakeholders
- Manages the end to end recovery of business and mission essential functions (MEF) related to planning activities in partnership with departmental leadership
- Performs Business Impact Analysis (BIA) by interviewing senior leaders, developing surveys/questionnaires, writing reports, and developing strategic recommendations for plan implementation
- Maintains and continuously enhances the College Board’s recovery capabilities
- Leads and facilitates business continuity planning exercises, tests, and maintenance efforts
- Supports incident response activities and acts as the ISGRC representative with the Information Security Office and IT teams
- Performs reviews of existing disaster recovery capabilities, infrastructure, dependencies, and restoration processes
- Enhances and maintains all BCP, COOP, DR, and CP related templates, plans, reports, training materials and other documentation.
- Maintains and enhances all Business Continuity policies and procedures in coordination with function leaders with ownership of interrelated policies and procedures to ensure consistency
- Ensures that all policies and procedures remain current and relevant in conjunction with business leaders
- Identifies recovery issues and concerns with supply chain management, crisis and incident management,
- Develops detailed restoration and recovery plans including recommendations for improvements and gap identification
- Acts as an advocate of information security, GRC, and privacy programs across the organization.
- Maintains business continuity program in accordance with industry standards and requirements
- Prepares reports and performance metrics of activities for senior leadership
- Presents ongoing status and performance of the College Board’s business continuity program to the Chief Risk Officer (CRO) and Executive Director ISGRC
- Provides expert-level analysis of restoration and recovery documents to ensure business integrity
- Ensures that all business continuity planning projects are delivered on-time, within scope, and within budget.
- Reports and escalates security risks and issues to management as needed
- Manages relationships with the IT, Information Security, and other stakeholders
- Other duties as assigned.
- Bachelor’s Degree in Business, Management, Computer Sciences, or equivalent prior work experience in a related field. (Master’s degree preferred)
- Minimum five to eight years in a computer related field, with at least 5 years of experience developing and exercising business functions, IT systems, and operational capabilities
- Demonstrated competency in information security or business continuity planning for a cross-functional environment and with the proven ability to lead recovery, security, and technical teams is required.
- Excellent client-facing and internal communication skills
- Strong understanding of business continuity planning techniques such as: defining, designing, developing, implementing, training, testing, and maintaining enterprise level recovery plans
- Basic understanding of information security risk management requirements from frameworks such as ISO 27001, COBIT, NIST, NIST 800-53, etc.
- Current Information Security Certification (e.g. CISSP, CISM, CISA, or related security certification) preferred or the ability to attain one within 6 months of hire.
- Experience in creating and maintaining business continuity schedules to ensure on-time delivery of information security risk projects.
- Member of Business Continuity Institute (MBCI), Certified Business Continuity Professional (CBCP) or similar certification required
Related Skills & Other Requirements:
- Willingness/ability to work off-shifts (evening, night-time, weekend) as needed or required.
- Knowledge of risk assessment procedures, policy formation, role-based authorization methodologies, authentication technologies, and security attack pathologies.
- Ability to work effectively in both an independent and team environment.
- Experience in leading or managing strategic thinking and planning sessions.
- Must have the ability to communicate technical and security-related concepts to a broad range of technical and non-technical staff, security vendors, consultants and senior management.
- Possesses strong interpersonal and management skills.
- Experience with security program development or management.
- Proven ability to lead and manage staff, mentor staff members, provide direction, and influence behavior.
- Excellent oral and written communication skills, with the ability to present and discuss technical information in a way that establishes rapport, persuades others, and gains understanding.
- Confidence and leadership as a member of security teams in working with business users in a cross-functional environment.
- Knowledge and understanding of application, database, and OS level security.
- Excellent problem solving and analytical ability.
- Requires use of a wireless handheld device with messaging capability.
This position may be subject to a background check.
The College Board is dedicated to the principle of equal opportunity and its programs, services and employment policies are guided by that principle.
Requirements:
- Desired Travel: Less than 25%
- Areas of Expertise: Program Management, Project Management, Business Planning, Training, IT Infrastructure, Governance, Business Analysis, Software Engineering, IT Security, IT Project Management
- Highest Level of Education: Bachelor's Degree
- Job Type: Full Time
- Location: Reston, VA
- Years of Relevant Experience: 10+