Manager, Information Security Risk Assessment
The Information Security Risk Assessment (ISRA) Manager is responsible for the management and maintenance of Aflac’s Information Security Program to include Third Party, Application and Infrastructure risk. This individual will manage a team of Information Security Assessment Analysts who will conduct the risk assessments in alignment with the annual risk assessment plan.
Principal Duties & Responsibilities
Maintain Aflac’s Information Security Risk Assessment Program that encompasses information security risk assessments of applications, infrastructure assets and third party relationships used by Aflac.
Coordinates the development, management and approval of the annual information security risk assessment methodology and schedule.
Maintain and monitor performance metrics for risk assessment teams to ensure a high level of performance and quality.
Directs the ongoing review and adjustment of the information security questionnaires.
Keeps current on all information security risk assessment frameworks and techniques within the financial services industry.
Collaborates with business partners to include Legal, Strategic Sourcing and Procurement, etc. on the assessment of third party relationships, process, contracts, etc.
Performs other duties as required
Education & Experience
A bachelor’s degree in Computer Science, Information Systems or a related field and six to eight years of professional job related work experience or an equivalent combination of education and experience
Demonstrated experience in performing IT risk assessments or IT auditing
Demonstrated proficiency communicating information security and IT risk management concepts to technical and non-technical audiences; the ability to influence decision-makers at many levels and across the organization is a key proficiency for this role
Certifications from any of the following: CISSP, CISA, CISM or other information security or IT audit related certifications
Job Knowledge & Skills
Detail oriented, structured, and organized.
Strong written and verbal communication skills.
Strong analytical and problem-solving abilities.
Ability to multi-task, prioritize and provide timely, high-quality deliverables.
Strong relationship and time management skills.
Trustworthy with high standards of personal integrity with a clear understanding of the challenges of information security.
Proven understanding of information security concepts and practices; experience working with information security frameworks and regulatory regimes such as NIST SP 800-53, HIPAA and PCI-DSS
Action Oriented, Customer Focus, Adaptability, Listening, Ethics and Values, Integrity and Trust
Core Manager Competencies
Drive for Results, Building Effective Teams, Developing Direct Reports, Hiring and Staffing, Informing, Motivating Others
Business Acumen, Decision Quality, Informing, Negotiating, Strategic Agility, Time Management
(Job Number: 50955231)