Manager, IT Security

Job Description

Basic FunctionWolters Kluwer Global Business Services (GBS) is designed to provide services to the business units in the areas of technology, sourcing, procurement, legal, finance, and human resources. These global centers promote team collaboration using best practices around a specific focus area to drive results and enhance operational efficiencies. There is a constant endeavor to benchmark against best-in-class industry standards to improve the quality of deliverables, increase cost savings, enhance productivity and reduce time to market for products and applications.We have an amazing opportunity for a Manager, IT Security (Governance and Compliance) available within our Global Business Services division! This position has been created due to growth! The Manager, will be working with a team to manage our Assurance program that provides assistance to our Divisions and Business Units in their efforts to achieve any third-party attestation or certification, such as SOC2 Type2, HITRUST, ISO27001 to name a few. The manager will work with closely with internal project teams as well as internal / external groups to ensure we have a successful outcome for any Wolters Kluwer assets pursuing these attestations or certification. In addition to the pursuit of these attestations, the manager will to provide assistance to control owners in resolving all findings and observations identified from all sources of audits and assessments from both internal and external entities that may impact s WK s ability to obtain these attestation. The manager will work proactively with internal Subject Matter Experts (SMEs) to design and build control structure that would not only resolve the findings/observations identified but would also future reoccurrence. The manager must be experienced in regulations and standards from Financial Services, Health and Legal industries in order to assist WK internal team in interpreting their requirements, as well as, provide guidance on how to mee the obligations of the requirements from these Regulations and StandardsEssential Duties and responsibilities

• Accountable for the management and oversight of the Governance and assurance staff at the Pune office in India
• Accountable for the successful administration of security delivery across multiple functional areas within the Governance and Assurance team including but not limited to customer audits, IT risk assessment, vendor due diligence, and as directed by the Security management team
• Promotes security relationships between internal resources and external entities, including government, vendors, and partner organizations, within the boundaries of applicable WK policy and regulatory requirements
• Act, on as needed basis, as back up to other local management staff at WK locations and perform management duties to ensure continuous security serviced delivery out of the WK India based offices
• Provides leadership to analysts, auditors and advisors and reports results or issues to appropriate level of management.
• Escalates issues to appropriate level of management as necessary and ensures activities of staff result in minimum disruption, which ensure processes and requested information results are achieved.
• Performs interviews and asks questions to gather necessary to perform reviews and assessments based on regulatory requirements.
• Documents, tracks and drive resolutions of observations identified during assessments.
• Produces guidelines and procedures where necessary to Business units on new processes and function introduced by the G&A team.
• Monitors work of analysts and auditors and provides feedback to associates and management.
• Escalates issues to area management and to GIS leadership as appropriate.
• Researches solutions for complex business and technical processes and provide options management for decision.
• Assesses risk of IT systems and operational processes.
• Suggests process improvements through consultation with technical and operations staff.
• Assist technical teams in responding to requests of internal and external auditors.
• Resolves escalated issues on behalf of internal management and acts as liaison to resolve and mediate conflict.
• Provides executive level responses and presentations to provide executive management awareness of issues and problems.
• Documents business processes dependent on information technology.
• Produces engagement planning, tests planning, documents findings, and defines appropriate remediation.
• Delivers presentations to management.
• Analyzes results of specific or general work requests.
• Lead and executes engagement plan and provide status and reporting metrics as necessary.
• Creates tools to gather and retain information with ease to support G&A team.
• Performs other duties as assigned.

Other DutiesPerforms other duties as assigned by supervisor..Job QualificationsEducation: (Describe the minimum, relevant education required to perform the job. Then list any additional preferred or desired education.) Experience: (List the minimum, relevant amount of experience required to perform the job. Then list any additional preferred or desired experience. Include the phrase or equivalent at the end of the minimum requirements

• Bachelors Degree in Accounting, Computer Science, Risk Management or equivalent years in experience, Masters degree is a plus
• Certifications required (two), preferred certifications: Certified Information Systems Auditor (CISA), Certified Risk Manager (CRM), Certified in Risk and Information System Controls (CRISC), Certified Information System Security Professional (CISSP), or equivalents.
• 12 years of combined experience with consulting, external audit, company in house and outsourced internal audit, assurance services, contracts; experience with a Big 4 is required.
• 10 years of hands on combined experience with financial and information technology internal controls design, test, audit, risk assessments, investigations, findings and remediation.
• 10 years of hands on combined experience, preferred in business process design, system integration, identity access & management, data privacy and protection, information technology security, incident response, vendor management, backup and recovery and continuity planning.
• 10 years of operational leadership roles that include domestic and international; diverse industry experience preferred, ; consulting services, financial services and banking, insurance and healthcare, risk and compliance.
• 10 years of audit experience with SOC1, SOC2, SOX 404 and healthcare regulatory compliance.
• 7 years of combined hands on operational experience in; accounting, tax, payroll, human resources, information technology operations, information technology security, risk management.
• 5 years as a Subject Matter Expert (SME); working with industry frameworks including; COSO, ISO, NIST 800-53, NIST/CSF, PCI, HITRUST, FISMA and GDPR.
• Experience leading engagements, establishing budgets, developing work programs/plans, building relationships, mentoring staff, providing performance feedback, and monitoring workloads of team(s) while meeting stakeholder and client expectations.
• Advanced written, verbal and presentation skills; including interactions with key stakeholders, internal executive management and external executive management and senior leaders.
• Experienced working in remote environments. Independent, motivated self-starter with the ability to analyze complex problems, think critically, problem solve, influence change, provide thought leadership.
• Excellent interpersonal skills, including the ability to work across a highly matrixed organization, interacting, influencing, negotiating effectively with all levels of leadership and peers
• Experienced with vendor and managed security services with ability to identify continuous improvement opportunities to drive risk assessment effectiveness and efficiency.
• Ability to travel to customer sites as needed

Other Knowledge, Skills, Abilities or Certifications: (First list requirements, followed by preferences.)

• Knowledgeable of computer networks, hardware, operating systems, and software including understanding IT General Controls (ITGC) testing concepts are preferred
• Knowledgeable of risk methodologies, design and test of controls, data analytics including metrics and measurements.

TraVEl requirementsRequired travel up to 25%, domestic and international. Physical Demands(Include statements that indicate manual dexterity, physical effort, working conditions or exposure to hazards required by the job. Otherwise indicate Normal office environment. If desired, a more detailed ADA form can be included.)The above statements are intended to describe the general nature and level of work being performed by most people assigned to this job. They are not intended to be an exhaustive list of all duties and responsibilities and requirements.,

Keyskills :
managed security servicesit general controlsdata privacyit securitycost savingssox 404business process designit riskdue diligenceiso 27001subject matter expertsnist 80053statements of work sow