Manager, Information Security Risk Assessment

Aflac   •  

Columbus, GA

Industry: Finance & Insurance


5 - 7 years

Posted 79 days ago

This job is no longer available.

The Opportunity

Manager, Information Security Risk Assessment

Job Summary

The Information Security Risk Assessment (ISRA) Manager is responsible for the management and maintenance of Aflac’s Information Security Program to include Third Party, Application and Infrastructure risk. This individual will manage a team of Information Security Assessment Analysts who will conduct the risk assessments in alignment with the annual risk assessment plan.

Principal Duties & Responsibilities

Maintain Aflac’s Information Security Risk Assessment Program that encompasses information securityrisk assessments of applications, infrastructure assets and third party relationships used by Aflac.

Coordinates the development, management and approval of the annual information securityrisk assessment methodology and schedule.

Maintain and monitor performance metrics for risk assessment teams to ensure a high level of performance and quality.

Directs the ongoing review and adjustment of the information security questionnaires.

Keeps current on all information securityrisk assessment frameworks and techniques within the financial services industry.

Collaborates with business partners to include Legal, Strategic Sourcing and Procurement, etc. on the assessment of third party relationships, process, contracts, etc.

Performs other duties as required


Education & Experience

A bachelor’s degree in Computer Science, Information Systems or a related field and six to eight years of professional job related work experience or an equivalent combination of education and experience

Demonstrated experience in performing IT risk assessments or IT auditing

Demonstrated proficiency communicating information security and IT risk management concepts to technical and non-technical audiences; the ability to influence decision-makes at many levels and across the organization is a key proficiency for this role

Certifications from any of the following: CISSP, CISA, CISM or other information security or IT audit related certifications

Job Knowledge & Skills

Detail oriented, structured, and organized.

Strong written and verbal communication skills.

Strong analytical and problem-solving abilities.

Ability to multi-task, prioritize and provide deliverables timely and with quality.

Strong relationship and time management skills.

Trustworthy with high standards of personal integrity with a clear understanding of the challenges of information security.

Proven understanding of information security concepts and practices; experienceworking with information security frameworks and regulatory regimes such as NIST SP 800-53, HIPAA and PCI-DSS

Core Competencies

Action Oriented, Customer Focus, Adaptability, Listening, Ethics and Values, Integrity and Trust

Core Manager Competencies

Drive for Results, Building Effective Teams, Developing Direct Report, Hiring and Staffing, Informing, Motivation Others

Functional Competencies

Business Acumen, Decision Quality, Informing, Negotiating, Strategic Agility, Time Management

(Job Number: 50955231)