The Role: Director, Information Security - Governance & Policy
The Location: New York, NY or Hightstown, NJ
The Impact: You will be responsible for creating, maintaining and implementing policies, standards and procedures that support the Information Security organization. This will ensure that security policies, standards, guidelines, communication programs provide comprehensive, coherent, implementable and repeatable processes.
What’s in it for you: You will have the opportunity to function as an integral member of the Information Security team and collaborate with various security, business, audit and IT teams in order to develop and execute a comprehensive Information Security Policies & Governance Program. You will also assist in formulating & standing up the necessary governance bodies to support Information Security working with S&P Global divisions. Finally, you will be able to assist in regulatory responses, resulting management action plans, and requisite follow-up.
- Responsible for the creation and maintenance of Information Security policies, standards, guidelines and procedures.
- Translate standard frameworks, recommendations from subject matter experts, and industry best practices into high-quality, coherent and implementable policies, standards and procedures.
- Harmonize content of new and updated artifacts with other enterprise policies and standards and security frameworks.
- Work closely with the divisions to effectively implement them.
- Responsible for effectively communicating & highlighting content and roadmaps intended for varied audiences.
- Collaborate with the Information Security and Risk Management teams on policy and governance related issues and concerns in order to develop update and measure effectiveness of policies, standards and procedures
- Ensure procedures and processes are relevant.
- Aid in integration with existing and new business processes.
- Collaborate with the Information Security team to integrate policies and standards related content into training & awareness programs.
- Establish the appropriate metrics and reporting to measure program effectiveness.
- Assist in formulating & enacting the necessary governance entities to support Information Security working with S&P Global divisions & Risk Management.
- Assist with regulatory responses, resulting management action plans and requisite follow-up.
- Support other Information Security processes and projects as necessary.
- BS or MS preferably in Computer Science with a concentration in Information Security.
- Security and risk management certification (e.g. CRISC, CGEIT, CISSP, CISM, CRMA)
- At least 5+ years working with IT risk and/or security; prior information security and risk management experience in a financial services company.
- Experience working in information security and demonstrable understanding of the concepts of information security. Experience with information security risk assessments and audit. Knowledgeable with Information Security laws and regulations. Knowledgeable with Information Security control frameworks and standards. Experience with NIST Cyber Security Framework (CSF); NIST 800-53 Rev 4; ISO 27001/2/5 and OWASP are a plus.
- Experience working with various financial regulatory entities (SEC, ESMA, FSA, MAS, et al) – a plus.
- Excellent communication skills. Ability to communicate with various levels of the organization including technical as well as non-technical audiences. Great customer service and relationship management skills. Skilled in executive level presentations and briefings. Experience managing communication to internal customers.
- Demonstrated ability to think creatively while accounting for multiple perspectives in any given scenario. Flexibility to adjust to multiple demands, shifting priorities, ambiguity, and rapid change.
- Must be able to work independently and with minimal direct supervision.
- Focused on how to best convey procedures and information clearly and concisely.
- Project Management experience is a plus.
- Excellent time management, organizational, and decision-making skills.
- Good judgment, tact, and decision-making ability.