Our Firm

American Century Investments® is a leading global asset manager focused on delivering investment results and building long-term client relationships while supporting research that can improve human health and save lives. Founded in 1958, the firm’s 1,400 employees serve financial professionals, institutions, corporations and individual investors, offering a wide range of investment strategies across a variety of investment disciplines.

We are committed to providing institutional-quality, actively managed solutions with a performance-centered mindset. Our expertise spans global growth equity, global value equity, disciplined equity, multi-asset strategies, global fixed income, alternatives and ETFs.

Privately controlled and independent, we focus solely on investment management. This empowers us to align our decisions with client expectations and concentrate on their long-term money management needs.

Our culture of winning behaviors exemplifies our dedication to clients every single day. Delivering investment results enables us to distribute over 40% of our dividends—more than $1.8 billion — to the Stowers Institute for Medical Research, a 500-person, non-profit basic biomedical research organization with a controlling interest in American Century Investments. Our dividend payments provide ongoing financial support for the Institute’s work of uncovering the causes, treatments and prevention of life-threatening diseases, like cancer.

Role Summary

The Information Security Governance Senior Analyst works within the Risk, Resiliency, and Governance team, and will be responsible for implementing, monitoring, and continuously improving the security governance, risk, and compliance programs.

You will be responsible for collaborating cross-functionally with IT and the business on security governance activities supporting ACI's obligation to identify cyber security risks and manage related legal, regulatory, and compliance risks. You will ensure that stakeholders are aware of relevant risk and controls requirements. The position will work with IT teams to provide technical guidance and evaluation of security controls and will ensure alignment with overall business objectives.

Responsibilities

• Establish and maintain adequate information security controls such as data protection, and software development practices.
• Partner with cybersecurity, enterprise technology, legal, and compliance leadership to ensure all technology conforms to the company’s desired compliance and security posture.
• Develop and maintain the yearly scope of technology compliance obligations.
• Maintain compliance framework assessment toolkits used in testing and validation procedures.
• Partner with internal and external auditors to validate controls. Responsible for security audit compliance activities; work with IT staff and internal and external auditors in review of program activities.
• Focus on principles aligned with enterprise risk management fundamentals within security and technology teams to maintain up-to-date configuration documentation for systems and processes.
• Develop a system repository and targeted campaigns to validate controls.
• Maintain artifacts aligned to technical and administrative requirements.
• Perform periodic gap assessments to validate compliance with established security policies and standards.
• Participates in the process of addressing exception requests to policies and standards, identifying business justification, and compensating controls.
• Collaborate to develop and implement appropriate policies, standards, procedures; and, reporting metrics to ensure security controls and compliance requirements are met.
• Assist with designing, deploying, and maintaining the GRC platform.
• Lead the Information Security Steering Committee process and maintain reporting requirements associated with the committee.

Skills and Experience

Required:

• A Bachelor's or Graduate degree in cybersecurity, information systems, or a related field.
• 7+ years of demonstrated ability in a cybersecurity, audit, risk, compliance, or GRC role.
• Solid understanding of common security and privacy frameworks and regulations; (e.g. ISO, NIST, CIS, SOC 2, HIPAA, COBIT, CCPA).
• Experience responding to, analyzing, and presenting security and information technology-related practices and controls.
• Experience with the monitoring and evaluation of technology processes and controls including design and operating effectiveness testing and reporting on results and recommendations.

Preferred:

• Experience developing or editing information security policies, information security governance, or risk and compliance governance.
• Experience with cloud platforms; (AWS, Azure, GCP).
• Security or technology industry certification; (e.g. CISSP, SANS, CISA, CRISC, or similar).
• Advanced skills with Microsoft Office suite; (Excel, Word, PowerPoint, etc.).
• Analytical skills with the ability to relate to technical and non-technical personnel.
• Good attention to detail.
• Demonstrated ability to collaborate positively and effectively with diverse constituencies.
• Ability to maintain high security/privacy controls when taking care of sensitive, protected, or regulated information.
• Experience with GRC toolsets and advanced compliance policy platforms (such as M365 Purview).
• Exhibits the American Century Investments Winning Behaviors: Client Focused, Courageous and Accountable, Collaborative, Curious and Adaptable, Competitively Driven, Adheres to the highest ethical standards and business practices, and Supports a culture of compliance.

Additional Requirements:

Employees are required to be in the office on a scheduled frequency. Adherence to this schedule is essential to fulfilling the expectations of the role.

As a global firm with offices in several cities, we will uphold any local regulations regarding COVID-19 precautions and/or vaccination requirements for the workplace.

American Century Investments is committed to complying with the Americans with Disabilities Act and all other applicable Equal Employment Opportunity laws and regulations. As such, American Century strives to provide a reasonable accommodation to any qualified individual under the ADA to perform essential job functions.

American Century Investments believes all individuals are entitled to equal employment opportunity and advancement opportunities without regard to race, religious creed, color, sex, national origin, ancestry, physical disability, mental disability, medical condition, genetic information, marital status, gender, gender identity, gender expression, age for individuals forty years of age and older, military and veteran status, sexual orientation, and any other basis protected by applicable federal, state and local laws. ACI does not discriminate or adopt any policy that discriminates against an individual or any group of individuals on any of these bases.

©2019 American Century Proprietary Holdings, Inc. All rights reserved.