Demonstrates up-to-date expertise and applies this to the development, execution, and improvement of action plans by providing expert advice and guidance to others in the application of information and best practices; supporting and aligning efforts to meet customer and business needs; and building commitment for perspectives and rationales. Provides and supports the implementation of business solutions by building relationships and partnerships with key stakeholders; identifying business needs; determining and carrying out necessary processes and practices; monitoring progress and results; recognizing and capitalizing on improvement opportunities; and adapting to competing demands, organizational changes, and new responsibilities. Models compliance with company policies and procedures and supports company mission, values, and standards of ethics and integrity by incorporating these into the development and implementation of business plans; using the Open Door Policy; and demonstrating and assisting others with how to apply these in executing business processes and practices.
What you'll do...
- Writing appropriately for various audiences
- Reading for deep comprehension with the ability to provide executive summarization (including for complicated documents such as legal documents, laws, regulations, etc.)
- Excellent grammar, style, and formatting skills for various types of written content (including advanced Microsoft Word experience)
- Highly organized and adept at simultaneously managing many ongoing tasks associated with multiple projects
- Broad knowledge of IT and intermediate knowledge of IT security and risk management subjects
- Proven ability to work with people at various levels and in diverse roles (e.g., specialists, technical experts, management, executives) from throughout the company to produce enforceable governance understandable by its intended audience
- Intermediate knowledge of governance frameworks and common standards bodies (especially NIST and ISO)
- Proven success working with communications and awareness professionals to produce educational material tied to directives
- Proven success working with higher-level governance organizations to ensure alignment with governing standards and processes
- Proven experience conducting research into governance questions from a broad spectrum of customers and providing an accurate and timely response
- Driven to continuously improve processes they manage and in which they participate
- Develop templates and guidance to facilitate the best input of subject matter experts
- Ability to see the broader picture and where InfoSec directives fit into it and each other
- Demonstrated ability to drive improvement and reduce complexity and redundancy, preferably using mature methods such as Six Sigma or Lean
- Analyze organizational information security policy
- Write InfoSec policy and other governance documents
- Ensure InfoSec directives are maintained and reviewed in accordance with company standards
- Assess governance needs and collaborate with stakeholders to develop directives to drive company and organizational activities
- Ensure established strategy intrinsically drives organizational governance
- Identify organizational policy stakeholders, and establish and maintain appropriate working relationships and communication channels
- Drive consensus on proposed policy change from stakeholders
- Oversee the development and implementation of high-level control architectures
- Provide InfoSec policy guidance to IT management, staff, and users
- Research applicable laws, statutes, regulations, and standards, and integrate them into policy as appropriate
- Bachelor’s degree in information security, information systems, business administration, political science, English, or a related field plus two years of related experience within the past seven years, OR
- Four years of related experience within the past seven years, OR
- Master’s degree in information security, information systems, business administration, political science, law, or a related field
- Additional experience or study in English or linguistics is strongly desired
- ACES (American Copy Editors Society)
- CISSP (with ISSMP a plus)
Outlined below are the required minimum qualifications for this position. If none are listed, there are no minimum qualifications.
Minimum Qualifications: Bachelor’s degree in Computer Science, Information Technology, Engineering, Computer Information Systems, or risk related field and 2 years' experience in information technology or risk related field within the last 7 years OR 5 years' experience in information technology or risk related field within the last 7 years OR a Master's degree in Computer Science, Information Technology, Engineering, Computer Information Systems, or risk related field.
Outlined below are the optional preferred qualifications for this position. If none are listed, there are no preferred qualifications.
Auditing, Consumer Software Development, Consumer Software Development - Mobile, Information Security, Information Technology, Investigations, Risk Management, Testing Technologies
CISA - Certified Information Systems Auditor - Certification, CISSP - Certified Information Systems Security Professional - Certification