RSM is hiring an IT Governance Director. This role directs the overall Information Security Assessment and Governance activities and coordinates work with internal and external resources and agencies to ensure that IT assessments are completed and reviewed with all appropriate stakeholders, that issues are tracked, and that agreed resolution plans are tracked to completion.
The role coordinates the implementation and management of the tools, services, and reporting needed to accomplish this work, and provides regular status reporting and scorecards to management.
It is responsible for coordinating regular testing of security controls and other IT controls against approved frameworks (e.g. NIST CSF), to ensure digital asset protection is aligned with firm business goals.
- Work with internal resources to coordinate regular IT Risk Management activities such as controls testing, internal assessments and remediation monitoring, and develop reactive and proactive plans to appropriately respond to identified issues and gaps.
- Establish projects/investments to continuously improve and optimize the internal and vendor assessment process along with the overall security program.
- Work with appropriate internal representatives, including the National Office of Risk Management, General Counsel, and regulatory personnel to ensure compliance with regulatory and contractual obligations.
- Work with internal and external resources to coordinate SOC 2 controls testing, closure activities, and reports.
- Work with the National Office of Risk Management to coordinate and standardize data privacy/data security responses to inquiries.
- Manage and enhance information security policies, standards and procedures to ensure compliance with regulatory and contractual obligations. Oversee and monitor the policy exception process.
- Work with the appropriate functional areas and lines of business representatives to ensure the Information Security roadmaps are focused on the largest risks and align with existing and planned technology roadmaps.
- Bachelor of Science or equivalent experience in an information security/technology leadership role - Required
- CISA - Preferred
- CISSP - Preferred
- CIPP - Preferred
- Strong project management skills and experience in creating and managing project plans, including budgeting, resource allocation and progress reporting - Required
- 7+ years of progressive experience in a technology security or security assessment role.
- Experience working with legal, risk, audit and compliance staff.
- Experience developing and maintaining policies, procedures, standards and guidelines.
- Practical knowledge and understanding of NIST principles, including CSF.
- Experience with or knowledge of common information security management frameworks (e.g. NIST CSF, ISO 2700x, ITIL, COBIT, PCI).
- Experience with or knowledge of common data privacy laws and regulations (e.g. HIPAA/HITECH, EU GDPR, GLBA).
- Strong leadership skills and the ability to work effectively with business managers, IT engineering and IT operations staff.
- Ability to break down technically complex and ambiguous concepts into simple concepts and ideas.