This job has expired, please see additional jobs below
Director, Information Security Governance
Pearson
Centennial, CO, United States
Description
At Pearson, we’re committed to a world that’s always learning and to our talented team who makes it all possible. From bringing lectures vividly to life to turning textbooks into laptop lessons, we are always re-examining the way people learn best, whether it’s one child in our own backyard or an education community across the globe. We are bold thinkers and standout innovators who motivate each other to explore new frontiers in an environment that supports and inspires us to always be better. By pushing the boundaries of technology — and each other to surpass these boundaries — we create seeds of learning that become the catalyst for the world’s innovations, personal and global, large and small.
About Information Security
Information Security (CISO) is responsible for establishing and maintaining Pearson-wide security and risk management programs. This team safeguards the confidentiality and security of all information assets, including learner, customer and business data.
The team covers: Risk and Compliance | Security Forensics | Application Security Architecture and Engineering | Business Information Security Officers
About the job
Job Purpose: The Director of Information Security Governance will work closely with Pearson’s business leaders and other stakeholders as necessary to understand and help create a culture of information security best practices, awareness and empowerment. This role will provide program management to help the business ensure that regulatory requirements for training and awareness are met; develop, manage and maintain Pearson’s security policies and standards; and manage the implementation and ongoing management of Pearson’s Risk Management Tool.
Scope: This is a global position.
Key Responsibilities:
• Lead the design and implementation of Pearson’s Risk Management tool
• Manage the global release of the tool throughout Pearson
• Develop a GRC tool training program for Pearson users
• Manage all GRC tool content, access, and updates.
• Drive a program to manage risk through Pearson’s transition to a cloud-based service provider.
• Work with all members and stakeholders of the Security Governance Board and their designees to ensure that the CISO message becomes ingrained throughout Pearson.
• Work with various business leaders, stakeholders, and legal to ensure compliance with industry requirements and service level agreements around security awareness and risk management as it relates to the GRC tool implementation.
• Help to build and support a world-class information security governance program.
• Manage Pearson’s Information Security Awareness program: shift the Pearson culture to one that leads with InfoSec.
• Act as a role model and champion throughout the company. Lead, teach, mentor, and encourage passion through empowerment.
• Provide lifecycle document management for Pearson’s security policies and standards.
• Ensure the propagation of and adherence to all security policies and standards globally.
• Direct development of procedures based on policies and standards.
Qualifications
1. Essential skills, qualifications and experience:
• Extensive experience in the information security field designing and implementing enterprise security solutions in a global context.
• Experience with cloud services and measuring and managing risk during migration.
• BA/BS degree desirable, or equivalent experience, security qualifications and accreditations.
• Deep and broad understanding of security, encompassing control technologies, policies and standards, risk and compliance, audit, data privacy, etc.
• Experience with security practices such as security incident response and risk management.
• Experience performing security and privacy functions in large scale, global environments and organizations
• Excellent verbal and written communication skills with a wide range of audiences including technologists, executives, business stakeholders and IT team members.
• Experience in leading matrix global teams. Experience in managing a budget. Fluent written and spoken business English.
• Must be a critical thinker with strong problem-solving skills.
• Knowledge and understanding of relevant legal and regulatory requirements.
• Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials, is desired.
• Project Management experience.
• Knowledge of common information security management frameworks, such as ISO 27001, ITIL, COBIT and NIST.
• High level of personal integrity, and the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity.
• High degree of initiative, dependability and ability to work with little supervision.
2. Desirable skills, qualifications and experience:
a. Understanding of technical controls and vulnerabilities
b. Management experience
c. Education domain experience
d. Broad compliance experience desirable
e. Project Management experience desirable
3. Key Pearson Attributes
● Always Learning
● Customer Focused
● Strategic and Visionary
● Makes it Happen
● Transformational
● Relationship Builder