Information Security Risk Manager
Pearson
Centennial, CO, United States
Job Details
Description
At Pearson, we’re committed to a world that’s always learning and to our talented team who makes it all possible. From bringing lectures vividly to life to turning textbooks into laptop lessons, we are always re-examining the way people learn best, whether it’s one child in our own backyard or an education community across the globe. We are bold thinkers and standout innovators who motivate each other to explore new frontiers in an environment that supports and inspires us to always be better. By pushing the boundaries of technology — and each other to surpass these boundaries — we create seeds of learning that become the catalyst for the world’s innovations, personal and global, large and small.
The Global Information Security Risk Manager is responsible for helping to quantify, mitigate, and manage information security risk at Pearson. Specifically, this person will manage risk assessments and the Risk Exception Process, maintain the Risk Register and KRIs, and create and lead working groups and Steering Committees to fulfill obligations and manage cooperation across global Pearson.
This person works within the CISO team to ensure that reliable and real-time security and risk management data are available to the CISO Leadership and Executive Management teams that depend upon them to manage risk for Pearson Lines of Business. The Risk Manager is also responsible for ensuring that various audit and assessment functions are supported through the use of dedicated eGRC tools. The Risk Manager assists Pearson Lines of Business by ensuring that Vendor Management audits are completed on time and according to the designated vendor tier.
They will act as the lead in the exception management process, ensuring the CISO Leadership has the most accurate data to determine risk level for Exception Requests and Remediation Planning activities.
This role requires both technical and business management skills. It requires strong people leadership skills and the ability to drive action. The Risk Manager acts as a liaison between the technical team members of Vulnerability Management, Risk Management, and Application Security Assessment to ensure that information gathered by the technical security teams is appropriately captured in the eGRC tools.
This role will report to the VP of Governance, Risk and Compliance, and may be called upon to act as an authorized delegate for security decisions within CISO.
Role purpose
Within this team, the Global Information Security Risk Manager is responsible for reporting on, and providing guidance for, risk reduction and mitigation on complex projects and critical applications. A key success criterion for this role is ensuring that security is driven into all of Pearson’s internal services and customer-facing products in both the private and public cloud.
Responsibilities
As a direct report to the VP Information Security Governance, Risk and Compliance, you will have the following accountabilities:
• Leads cross-functional teams to ensure that policy exception requests and remediation plans are created, managed, and closed according to Pearson risk management procedures
• Establishes and manages GRC as a Service.
• Acts as the Exception Committee lead/chair for weekly and ad-hoc meetings to ensure that exception and risk management workflow functions as intended
• Ensures that exception and risk management data is delivered to the appropriate CISO Leadership as needed
• Ensures that integrations between Pearson eGRC tools are kept up to date and have access to relevant and timely data regardless of platform or environment
• Acts as the liaison between CISO technical teams and other business units that either produce or consume security and risk management data
• Acts as the liaison between Pearson CISO, Legal, Privacy, and Procurement teams to ensure that Pearson Vendor Management is aligned with security policy and regulatory requirements
• Produce and deliver weekly, monthly, and quarterly report information to be presented to CISO Leadership and various CISO boards
• Manage the tools and environment that collect, store, and report on security and risk KPIs for Pearson
• Drives tangible results for the security team that provide real value to Pearson
• Provides security guidance that is practical and based in the reality of Pearson’s environment rather than an aspirational gold standard
• Works closely with enterprise architects, engineering, and security specialists to ensure adequate security solutions and controls are in place and aligned to Pearson Policy and Standards, regulatory compliance and industry requirements across all IT and cloud systems and platforms, so that identified risks are sufficiently mitigated and business objectives and regulatory requirements are met
• Works collaboratively with a diverse, global, and multicultural community
• Maintains confidentiality of work-related information and materials
• Establishes and maintains effective working relationships
• Presents information to large and small groups
• Contributes to the development and maintenance of the information security strategy, policies and standards
• Embraces a culture of continuous service improvement and service excellence
• Stays up to date on security industry trends
Qualifications
Experience
• 5+ years in a role as an audit or assessment lead
• Experience with the following Regulations and Security Standards
◦ ISO 27001/27002
◦ NIST 800-53
◦ HIPAA/HITECH/ISO 27799:2016
◦ SOC 2 / SSAE 16
◦ GDPR (familiarity)
• Working experience with any of the following eGRC solutions
◦ RSA Archer
◦ Allgress
◦ RSAM
◦ Workiva
• 5+ years in information security risk management
• Experience in managing risk during the migration of enterprise companies from traditional data center infrastructure, application and data designs to hybrid or fully cloud-enabled practices
• Working knowledge of a broad range of security technologies, including next-generation firewalls, DLP, NAC, IDS/IPS, IdAM, certificate management, SIEM, endpoint protection, anti-malware, and vulnerability management
• Strong experience working within an international environment.
• Strong oral, written, and presentation abilities; able to convey risk to all levels of the business, from C-level executives to operations and development teams
• Some proven ability in security process and organizational design
• Current understanding of industry trends and emerging threats
• Experience with AWS cloud migration
• Some knowledge of incident response methodologies and technologies
Desirable
• Well-rounded background in risk management from both a process and product perspective.
• Experience driving a culture of security awareness;
• Professional IT Accreditation (CRISC, CISSP, CISM, CCSA).
• Formal education, preferably including a BA
Competences and Behaviors
• Customer orientated
• Working within an international environment
• Builds networks with customers, other team members and other relevant teams (essential)
• Keeps all relevant people appropriately informed
• Very good communication, presentation and negotiation skills
• Technically proficient
• Able to express technical and non-technical concepts in clear verbal and written English
• Very good writing skills, able to document complex concepts in a comprehensive yet readable manner
• Encourages people to be open and share their views
• Considers a range of options that meet the needs of all stakeholders
• Ability to use own initiative to solve problems
• Delivery Focused
• Takes responsibility for targets
• Drives efficacy into all solutions delivered, demonstrating clear and measurable results through the development of KPIs
• Ambitious and competitive
• Drives innovation and best practice
• Strives for standardization and simplification in all aspects of work
• Always cost conscious, balancing the needs of the business against the provision of the best solutions possible