Operational
Operational responsibilities of this role will include one or more of the following:
Responsible for managing the global shared service program, processes and tools including:
Managing a central service composed of the systems and tools, protocols, analysis methodology and reporting processes necessary to handle responses to technology risk and information security inquiries from clients, regulators and MFs delivered through the combination of global central service and a global delivery team.
Developing and maintaining a questionnaire repository of previously completed client information security requests, member firm responses and Standard Answers Banks (SABs).
Creating and continuously improving global processes and procedures.
Training, consulting or liaising with member firm Client Security Leads (CSLs), Global Senior Analysts (delivery team), Global Junior Analysts (delivery team) and both Global and local member firm Subject Matter Experts (SME).
Continuously improving and updating processes, procedures, and tools that include communication, training and support.
Coordinating with various teams within the organization on matters related to Global Incident Response, Governance Risk & Compliance, and Vendor Risk Assessment.
Leads activities related to information security inquiries, including:
Working with the Lead Client Service Partner(s), Qualified Negotiators, and the Global Contracting Unit and Regional Easier Desks to coordinate and manage client information security requests.
Analyzing and evaluating client, regulator and member firm information security requests, assessments, and audits.
Facilitating data gathering and refinement activities using the global delivery team.
Work experience
Five (5) or more years of demonstrated experience in developing and applying leading practices in large-scale Information Security, Technology Risk or Operational Risk environments, including strategy development and execution, risk and governance experience.
Two (2) or more years of people management experience and proven leadership and coaching abilities.
Required Skills/abilities
Proficient English skills in reading and writing, and the ability to understand nuances.
Advanced knowledge of Information Systems Security, cyber security, IT auditing, IT risk management and compliance and/or vendor security risk management.
Working knowledge of GRC tools (e.g., Archer, ServiceNow, etc.) and Unified Compliance Framework (UCF).
Good knowledge of various IT risk frameworks, methodologies, leading industry/assurance standards and regulations, as well as attestation reporting frameworks, such as the ISO family of standards (27001/2, ISO 22301, ISO 27017, etc.), NIST, COBIT, SOC2 reporting framework.
Basic knowledge of significant security and privacy laws and regulations in the Americas, Europe, Middle East, Asia, Africa, and Oceania is preferable (e.g., GDPR).
Experience in developing and applying standards, principles, methods, and leading IT risk governance practices in large-scale Information Security and Technology environments.
For more info: https://theucf.info/kdwLOt