Manager, Global IT Security
Provides IT Governance, Risk and Compliance support for the Wolters Kluwer Enterprise under the direction of Global Shared Service’s
ESSENTIAL DUTIES AND RESPONSIBILITIES
Wolters Kluwer Global Business Services is designed to provide services to the business units in the areas of technology, sourcing, procurement, legal, finance, and accounting which includes our North American-Accounting Center. These global centers promote team collaboration using best practices around a specific focus area to drive results and enhance operational efficiencies. There is a constant endeavor to benchmark against best-in-class industry standards to improve the quality of deliverables, increase cost savings, enhance productivity and reduce time to market for products and applications.
- Review, draft and update corporate information security policies and standards, and maintain the security team portal and documentation library
- Develop and implement information security frameworks/standards such as ISO, NIST/CSF, HITRUST and PCI
- Develop and support the mapping of Wolters Kluwer security controls across multiple industry frameworks such as ISO, NIST/CSF, HITRUST and PCI to assess global controls, and monitor/report security performance
- Conduct IT risk assessment, and develop and maintain an IT risk dashboard
- Develop and implement information security and technology risk framework, support vendor relationship management, product selection and consulting agreements to ensure security requirements are defined and captured in the agreements with third parties.
- Coordinate and lead security policy and IT risk management forums with operations and engineering leads as required to resolve outstanding/pending issues before requiring further escalation
- Expand IT risk assessment coverage depth by adding new tooling to the vulnerability management portfolio.
- Orchestrate the analysis and delivery of findings to internal customers with impactful, comparative, interpretative security analysis in a clear, consistent, and factual manner.
- Track and report on metrics and results, including data modelling, processing, calculation and transformation into meaningful metrics and reports
- Analyze data or information, identifying the underlying principles, reasons or facts by breaking the information or data down into separate parts.
- Build and maintain strong working relationships with IT engineering, operations, and other stakeholders to remediate vulnerability findings
Perform miscellaneous administrative and management tasks necessary for the effective management of the Technical Services organization. Perform other duties as assigned by supervisor.
- Bachelor's degree or higher in Computer Science or a related technology field plus 5+ years related work experience.
- Required: If non-degreed, then must have 4+ years equivalent related work experience.
- 5+ years of hands-on experience in reviewing and updating policy management and information security controls and risk frameworks, especially ISO, NIST/CSF and HITRUST.
- Must have excellent verbal and written communication skills.
- 5+ years of hands-on experience in developing/managing IT risk controls frameworks and performing risk assessments for various corporate business units and/or teams
- Must be able to work independently and with a team, demonstrating strong qualities in project coordination.
- Must be self-motivated and possess excellent planning and organization skills
- May be required to work non-standard business hours.
Other Knowledge, Skills, Abilities or Certifications:
- In-depth, hands-on expertise to provide guidance to the organization on current information security and IT risk management frameworks and threats, and the ability to recommend means to address those threats
- Current or working towards CISM/CRISC.
- Strong knowledge of controls frameworks such as ISO, NIST/CSF, COBIT, HITRUST, etc.
- Experience managing MS-SharePoint or other corporate portal tools, preferred
- Solid understanding of the information security domain, including application security, vulnerability management, incident management and third-party risk management processes.
- Experience managing small teams.
Preferred Certifications or training:
Occasional travel to USA and/or Europe but less than 10%
Normal office environment.
The above statements are intended to describe the general nature and level of work being performed by most people assigned to this job. They are not intended to be an exhaustive list of all duties and responsibilities and requirements.