Senior Manager, Infosec Governance

Confidential Company  •  Jersey City, NJ and New York, NY

11 - 15 years experience  •  New Media

Salary depends on experience
Posted on 08/13/17 by Jeffrey Dellinger

Senior Management-InfoSec Governance

  • New York, NY
  • Full-time

Company Description

Our client is a global leader with 50,000 employees in one of the most innovative, technology-centric and creative industries in the market. It is a strong advocate of diversity and inclusion, giving back to the community, hiring and building strong leaders, and providing career progression throughout the organization.

Job Description

  • Contribute to annual CISO strategy through definition of objectives and respective work stream requirements.
  • Work with the management of various organizational divisions and Legal to address IT/Security compliance requests including RFPs, client security questionnaires, security addendums and client audits; negotiate with clients on security requirements.
  • Manage the Security Compliance Program via the Information Security Steering Committee, which includes reaching consensus with the Corporate, Network and Agency CIOs on CISO strategy, goals and initiatives.
  • Manage & oversee the secure software initiative by implementing the S-SDLC policy at Corporate and the agencies, facilitating the Software Security Group and Digital Security Forum, secure software initiative evangelism, code scanning tool rollout and training efforts.
  • Oversee the global IT SOX program, including scoping, ongoing enhancement of IT controls and associated testing procedures, and year-end issue evaluation.
  • Develop and manage the information security training program for all employees globally, which includes annual security awareness training, policy specific training, CISO Newsletters, security notifications as well as the global phishing campaign.
  • Develop, maintain, communicate and provide guidance on company security policies and standards; manage the IT policy exception process.
  • Establish relationships and work closely with CIOs, IT leads, IT SOX Coordinators, HR management, Legal, Privacy, Risk Management, corporate IT and external auditors.
  • Manage the information security and compliance security budget and monitor it for variances.
  • Work directly with corporate groups and agencies to identify acceptable levels of risk, and provide guidance with regard to data classification and protection.
  • Help lead data governance efforts that include data inventory, classification and implementation of security controls in support of privacy (GDPR) and security compliance.
  • Provide subject matter expertise to executive management on a broad range of information security standards and leading achievable practices, such as ISO and NIST CSF.
  • Ensure that security programs are in compliance with applicable laws, regulations, and policies to minimize or eliminate risk and audit findings.
  • Develop business-relevant metrics to measure the efficiency and effectiveness of the programs, facilitate appropriate resource allocation and enhance the maturity of the security and compliance program.

Qualifications

Hands-on experience with technical security concepts including authentication, authorization, data security, application security, cloud services and data governance.

  • Minimum of 10 years of experience in a leadership role in a combination of risk management, security and/or IT; 4-5 years of IS-related business experience at a Big 4 or 6 preferred
  • Experience with the following industry/regulatory requirements and frameworks: ISO27001/2, COBIT, SOC2, SOX, NIST 800-53, NIST CSF
  • Experience in partnering with IT teams from different disciplines in a combined effort to achieve project success
  • Thrives in a fast-paced environment while working across multiple projects simultaneously
  • Solid written and oral communication skills and ability to articulate and present information to all levels of management
  • Experience with privacy regulations such as GDPR preferred.
  • Professional certification, such as a CISSP or CISM or other comparable information security credentials, is required. 
  • Must have extensive written and verbal communication skills to both a technical and non-technical audience; interpersonal and collaborative skills

Additional Information

Seeking candidates local to NYC or Jersey City
