IT Security Manager

Job Description

We have an amazing opportunity for a IT Security Manager (GRC), available within our Global Business Services division. This position has been created due to growth! The IT Security Manager (GRC), will be working with a team to manage our enterprise IT Risk management process, working closely with project teams as well as internal / external groups to protect and enhance the confidentiality, integrity, and availability of Wolters Kluwer assets.

Candidate will be tasked with managing the responsibilities including but not limited to IT Risk Assessment, Work with internal and external partners to manage all Third-party attestation projects for all divisions across WK. Manage to resolution all findings and observations identified from all sources of audits and assessments from both internal and external entities. Proactively work with internal Subject Matter Experts (SMEs) to build controls not only to remediate the findings, but to prevent future reoccurrence, as well as, update WK s internal control catalog to meet the variety of standards, laws and regulations.

Essential Duties and responsibilities

• Participate in governance, risk and compliance related assessments, policy and procedures, awareness and training for end users, change management, internal control identification and measurement per applicable guidelines and frameworks: ISO 27001:2005, NIST 800, NIST/CSF, PCI, GDPR, HITRUST and FISMA.
• Lead risk methodology development and execution maintain updates and mapping of governance, risk and compliance (GRC) assessments for changing requirements/criteria related to SOC1, SOC2, SOX, in addition to other regulatory or industry requirements such as HITRUST, GDPR per applicable guidelines and frameworks: ISO 27001:2005, NIST 800, NIST/CSF, PCI, GDPR, HITRUST and FISMA.
• Work across matrix business environments both internal and external for risk and compliance (audit) readiness for regulatory reviews, SOC1, SOC2, SOX, and other industry requirements such as HITRUST, GDPR.
• Work with business units in a consulting role to assist in their understanding of internal controls and measurements in addressing strategic initiatives, business/client drivers and concerns, future audits and compliance requirements.
• Lead/Manage methodology development, updates and mapping of governance, risk and compliance (GRC) assessments for changing requirements/criteria related to SOC1, SOC2, SOX, strategic leadership initiatives, and other regulatory or industry requirements such as HITRUST, GDPR per applicable guidelines and frameworks: ISO 27001:2005, NIST 800, NIST/CSF, PCI, GDPR, HITRUST and FISMA.
• Lead governance, risk and compliance (GRC) liaison with internal and external audit resources, external customers and government regulators, domestic and international.
• Actively support business units request for information and data security risk, technology risk, technical vendor relationship management, product selection and design related to the authority and responsibility of GRC within an Enterprise Risk Management (ERM) model.
• Promote a positive, entrepreneurial, consulting, performance focused culture within governance, risk and compliance (GRC) that works effectively with stakeholders in the development and launch of services and programs that support compliance and company growth.
• Work with divisional staff and representatives to develop long-term risk strategies, annual risk assessments, risk measurement metrics and tactical plans to reduce company risk exposure.
• Support the coordination, tracking and reporting on divisional and business units metrics, results, data modelling, processing, calculating and transformation into meaningful risk metrics and reports.

Other Duties

Performs other duties as assigned by supervisor.

Job Qualifications

Education: (Describe the minimum, relevant education required to perform the job. Then list any additional preferred or desired education.) Experience: (List the minimum, relevant amount of experience required to perform the job. Then list any additional preferred or desired experience. Include the phrase or equivalent at the end of the minimum requirements

• Bachelors Degree in Accounting, Computer Science, Risk Management or equivalent years in experience
• Certifications required (two), preferred certifications: Certified Information Systems Auditor (CISA, Certified in Risk and Information System Controls (CRISC), Certified Information System Security Professional (CISSP), or equivalents.
• 8+ years of combined experience with consulting, external audit, company in house and outsourced internal audit, assurance services, contracts; experience with a Big 4 is required.
• 8+ years of hands on combined experience with designing and implementing technology controls in diverse technology environments, including auditing, risk assessments and providing recommendations for remediation.
• 6 years of hands on combined experience, preferred in business process design, system integration, identity access & management, data privacy and protection, system development life cycle (SDLC), vulnerability assessment, information technology security, incident response, vendor management, backup and recovery and continuity planning.
• 6+ years of operational leadership roles that include domestic and international; diverse industry experience preferred, ; consulting services, financial services and banking, insurance and healthcare, risk and compliance.
• 6+ years of audit experience with SOC1, SOC2, SOX 404 and regulatory compliance.
• + years of combined hands on operational experience in; accounting, tax, payroll, human resources, information technology operations, information technology security, risk management.
• 5+ years as a Subject Matter Expert (SME); working with industry frameworks including; COSO, ISO, NIST 800-53, NIST/CSF, PCI, HITRUST, FISMA and GDPR.
• Experience leading engagements, establishing budgets, developing work programs/plans, building relationships, mentoring staff, providing performance feedback, and monitoring workloads of team(s) while meeting stakeholder and client expectations.
• Advanced written, verbal and presentation skills; including interactions with key stakeholders, internal executive management and external executive management and senior leaders.
• Experienced working in remote environments. Independent, motivated self-starter with the ability to analyze complex problems, think critically, problem solve, influence change, provide thought leadership.
• Excellent interpersonal skills, including the ability to work across a highly matrixed organization, interacting, influencing, negotiating effectively with all levels of leadership and peers
• Experienced with vendor and managed security services with ability to identify continuous improvement opportunities to drive risk assessment effectiveness and efficiency.
• Ability to travel to customer sites as needed

Other Knowledge, Skills, Abilities or Certifications: (First list requirements, followed by preferences.)

• Knowledgeable of computer networks, hardware, operating systems, and software including understanding IT General Controls (ITGC) testing concepts are preferred
• Knowledgeable of risk methodologies, design and test of controls, data analytics including metrics and measurements.

Keyskills :
security operationssafetycctvsopriskit risk managementsubject matter expertsbusiness process designmanaged security servicesenterprise risk managementvendor relationship managementit general controlssox 404it risklife cycleit securitydata