Infocenter Security Practice is seeking a Governance, Risk and Compliance (GRC) Practice Leader to work with clients and assigned consultants on the Rapid Digital Transformation of the client's GRC future state. We are seeking an innovative and motivated leader who, under general direction, uses extensive knowledge and skills obtained through experience and education to perform the assessment, analysis and consulting tasks related to specific regulations, industry standards and/or a client's unique requirements.
Infocenter Security Practice aspires to be a strategic partner in helping our ServiceNow clients better serve their customers and citizens. We work to transform their IT challenges, collaborating to make technology work for them, anytime and anywhere. With a dedication to quality and innovation, we deliver implementation, integration, applications development and managed services on the ServiceNow platform.
- Transform IT and business risk management, governance, and compliance programs based on clients’ business structures, strategies, and priorities using our Rapid Digital Transformation.
- Advise, develop, and implement processes around risk identification, assessment, and remediation, including issues management, exception management, vendor risk management, policy management, and security incident and vulnerability response.
- Help clients manage the risk of enterprise systems, applications and data through policies and controls, risk assessments, audits, and issues and exception management.
- Advise clients on building robust risk management and security programs, identifying and mitigating risks, establishing security policies and practices, implementing security controls, and educating stakeholders.
- Drive high-profile and high-impact projects involving complex GRC and risk management challenges.
- Perform gap assessments between security and risk leading practice frameworks and clients’ risk and control frameworks, and advise on remediating gaps.
- Create budgets, staffing requirements, and privacy and security direction for long-term strategies.
- Advise on and assist clients to implement the ServiceNow GRC platform and modules.
- Collaborate and lead meetings with diverse high-level stakeholders, including C-suite, IT operations, system architects, security professionals, and business leads.
- Develop training materials and other communications to increase employee understanding and awareness of GRC, security and risk issues.
- Translate business requirements into technical requirements.
- Communicate GRC technology capabilities into business terms for executive stakeholders.
- Perform other duties as assigned to ensure the smooth functioning of the Security Practice and maintain the reputation of the organization as a viable business partner.
- Recommend programmatic and technical directions and operate with a high degree of independence in matters relating to the investigation, impact, and analysis of GRC practices.
- Operate with a high degree of independence with regard to project management activities, including development of project plans and budget/resource estimates.
- Lead the development and implementation of the system-wide Risk Management function of the information security program to ensure information security risks are identified and monitored.
- Help clients develop and implement effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
- Interact in both oral and written communications with all levels of System staff, including computer center staff, developers and other ITS staff, campus technical staff, general counsel, auditors, all System staff and students, and technology vendors and contractors, in matters related to information security and security awareness materials.
- Work with Internal Audit, State Board of Regents, Auditor General's Office and outside consultants as appropriate on required security assessments and audits.
- Coordinate and track all information technology and security related audits including scope of audits, colleges/units involved, timelines, auditing agencies and outcomes. Work with auditors as appropriate to keep audit focus in scope, maintain excellent relationships with audit entities and provide a consistent perspective that continually puts the institution in its best light. Provide guidance, evaluation and advocacy on audit responses.
- Ability to develop security standards and guidelines based on best practices and industry standards.
- Experience responding to, analyzing, and communicating information security incidents.
- Excellent interpersonal, communication, and presentation skills, including formal report writing experience.
- Bachelor's degree in information technology or a related field.
- Knowledge of information security risk management frameworks and compliance practices, including SecOps (GRC and/or Security), and frameworks such as the NIST Cybersecurity Framework, ISO 27001, ISO 31000, NIST 800-53, NIST 800-30, and/or PCI DSS, HIPAA, and other applicable standards, guidelines and best practices.
- Knowledge of securing network technologies, client, and server operating systems.
- Information security, compliance management, risk management and audit management experience.
- Information security related training or certifications, such as CISSP or CRISC, are beneficial.
- Experience performing and documenting information security audits or risk assessments.
- Familiarity with security auditing processes.
- Familiarity with dashboard creation.
- Management consulting experience.
- Agile software delivery methodology experience.