An IT Governance and Security Risk Specialist is an internal resource focused on providing security advice, guidance, and direction to both Voya IT and business users under the authority of Technology Risk and Security Management (TRSM). This is a high-level technical resource for dealing with the most important, complex, or risky situations related to the implementation, communication, monitoring, and maintenance of policies and procedures to protect technology information, environments and systems.
- Provides state-of-the-art technical expertise and support to client and IT management and staff in the area of security controls and risk assessments.
- Provides expertise on Voya's security architecture, standards, policies, and procedures (across all platforms and infrastructures).
- Acting as security consultant or liaison between Security, IT, and business as both subject matter experts for advisory support and security points of contact. Examples include:
- Providing guidance on information security policy requirements
- Providing security and compliance evaluations for specific topics or questions
- Providing support during any security incident
- Interpretation of security risk related to findings or issues for IT areas
- Provide security awareness and training with appropriate information to IT and business professionals within Voya
- Executing processes designed to identify and mitigate risk in the Voya environment. Examples of these processes include:
- Risk Assessments
- Vendor Risk Assessments and Vendor Selection Process
- External Connection Reviews
- Privilege Access and Service ID Ticket Approvals
- Client Information Security Questionnaires
- Technical Security Standards (TSS) / Security Hardening Guidelines Reviews
- Maintains contact with industry security standard setting groups and an awareness of State/Federal legislation and regulation pertaining to information security.
- Other duties as assigned.
Knowledge & Experience:
- Bachelor’s Degree in Computer Science or Engineering; Master’s Degree Preferred.
- 5-7 Years of IT and Security Risk Experience (Required)
- 2-4 Years of Cloud Technology Experience (Required)
- 1 or More Certifications - CISA/CISM, CISSP, and/or Cloud-Related Certifications (Strongly Preferred)
- Experience in security aspects of multiple platforms, operating systems, software, communications, and network protocols. Cloud security experience preferred.
- Requires excellent analytical ability, consultative and communication skills, and strong judgment.
At Voya, we have identified the following critical skills which are key to success in our culture:
- Customer Focused: Passionate drive to delight our customers and offer unique solutions that deliver on their expectations.
- Critical Thinking: Thoughtful process of analyzing data and problem solving data to reach a well-reasoned solution.
- Team Mentality: Partnering effectively to drive our culture and execute on our common goals.
- Business Acumen: Appreciation and understanding of the financial services industry in order to make sound business decisions.
- Learning Agility: Openness to new ways of thinking and acquiring new skills to retain a competitive advantage.