InfoSec Strategic Initiatives Manager
5 - 7 years experience • Financial Services
Perform advanced program management of complex, multifaceted programs from inception to completion. Oversee one or more programs comprised of multiple strategic projects and/or integration events. Focus on meeting customer needs and satisfaction by managing program commitments, including communications with sponsors, stakeholders and management, including senior leaders and executives. Work with key stakeholders and relationship managers to clearly define and remove ambiguity in program scope and provide vision and strategy to meet business needs and defined objectives. Work with the team to segment program objectives into manageable projects/work streams and collaborate with program stakeholders and program team members to ensure projects are documented, prioritized and executed to achieve program requirements and objectives while ensuring compliance with Project Office processes.
In addition to the general accountabilities above, the following responsibilities are samples of anticipated skills for this role:
- Strategic initiative program leadership, plan preparation and change management.
- Strategy preparation, recommendations and approaches to influence and/or meet compliance.
- Information security regulatory industry negotiation, engagement and influence.
- Executive-level document preparation and presentation.
- Process improvement facilitation and implementation.
- Communication and training strategy preparation.
- Recommending policies and standards where needed.
- Cross-organization collaboration and influence.
Essential Duties and Responsibilities:
Assist Chief Information Security Officer and/or CISO Direct Report in implementing and maintaining an effective enterprise-wide corporate information security program designed to improve capabilities / reduce risk while ensuring the protection and privacy of information assets to include data, software and equipment.
Primary areas of accountability include the following:
• Oversee, with overall accountability, the tactical implementation of corporate-wide security principles, policies and practices;
• Partner with the Enterprise Program Office (EPO), with overall accountability for ensuring strategic programs / projects are successfully planned, implemented and are supportable after transformational work is complete;
• Provide the necessary subject matter expertise and coordinate efforts on a corporate level to identify key security risks, needs, and initiatives;
• Work with outside consultants as needed on independent security reviews, technology selection/deployment, and policies/standards/procedures development;
• Work in a matrix manner across the D&TS organization and with Business Units as required.
Essential Duties and Responsibilities:
The following is a summary of the essential job functions for this job. Other duties may be performed, both major and minor, which are not mentioned below. Specific activities may change from time to time.
1. Privacy/Protection: Provide the necessary subject matter expertise and ensure the implementation of the information security architecture, risk management standards, best practices and systems/processes to ensure information privacy/protection.
2. Risk Management: Interact with management to determine acceptable levels of risks as the business model and risk profile changes and align the security program accordingly.
3. Monitoring of security procedures and practices: Review on a timely basis the various analyses of the reports and logs available. Review the recommendations for noted irregularities.
4. Security policies for the bank: Be aware of and review the security features of new information security practices, systems and business services to ensure that they meet the security requirements of the existing policies. Review and propose changes to existing policy as external emerging issues and conditions warrant.
5. Ensure adequate security for new business services and systems: Assist in the development of scenarios of usage, test for abnormalities or exposures. Prepare documentation to augment vendor materials that include local enhancements and implementations.
6. Regulatory/Legal/Corporate Compliance: Stay abreast of all information security related laws and regulations to ensure compliance to them. Ensure compliance to corporate policies.
7. Support or direct enterprise level information security related functions such as: Firewall Administration, Intrusion Detection, Communications, Incident Response, RACF, Encryption, Access Control, Threat Management, Cyber Forensics, and other security related functions as required. Make recommendations for improvements to the program, respond to alleged policy violations and act as participant in event of a breach. Ensure communications to the CISO, and other senior level officers, are accurate and timely.
8. Make recommendations for assigned personnel regarding employment, career development, performance evaluations, salary changes, promotions, transfers and terminations within established policies and guidelines.
9. Plan and develop various communications, from executive business cases to departmental budgets, in accordance with established guidelines; administer compliance to meet budgetary goals and negotiate changes as required.
10. Maintain awareness of changes in industry: Attend classes and seminars as required to maintain a high level of proficiency in the fields of information security and business resumption. Network with other information security professionals. Read about and be aware of the trends regarding BRP and Security in the industry.
Required Skills and Competencies:
The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform essential functions.
1. Bachelor's degree in computer science, business, or related discipline, or equivalent education and related training
2. Certification in information security fundamentals (GISF or higher) or Project Management (PMP) or related successful experience.
3. Seven years’ experience in Project Management, of which at least three years was in the information technology field in a leadership/supervisory position
4. Demonstrated SME level knowledge in one of the following areas: Firewall Administration, Intrusion Detection, Communications, Incident Response, RACF, Encryption, Access Control, Threat Management, Risk Management, Project Management or any other security-related field.
5. Familiarity with multi-platform environments and their operational/security risk considerations
6. Strong oral and written communications skills; strong presentation and marketing skills
7. Highly adaptable to a constantly changing business and technology environment
8. 30%/70% business/technology acumen; 100% Project Management
BB&T is an Equal Opportunity Employer and considers all qualified applicants regardless of race, gender, color, religion, national origin, age, sexual orientation, gender identity, disability, veteran status or other classification protected by law.