Senior Manager, Information Security Compliance
The College Board, the national educational organization, is conducting a search for a Senior Manager, Information Security Compliance Role for our Legal department. This position is based in our Reston, Virginia office.
Named by Fast Company as one of the most innovative education companies, the College Board is a mission-focused organization. This job requires a strong focus on improving educational opportunities and outcomes, particularly for disadvantaged students, in the context of a competitive business environment.
The ISGRC team helps support the College Board by maintaining and enforcing security policies and standards throughout the enterprise. All information security awareness and training, security governance, risk management and compliance activities (e.g., ISO 27001, PCI-DSS and SOC) are run by the ISGRC function.
The Senior Manager, Information Security Compliance role is to support the College Board in achieving and maintaining its industry certification program across ISO 27001, PCI-DSS and SOC. As a member of the Information Security Compliance team, the Senior Manager will work with external auditors to identify gaps in existing security controls while ensuring the alignment to applicable industry standards to the College Board. The Senior Manager, Information Security Compliance will work internally with IT teams to collect evidence required for embed compliance requirements into the end to end IT, Security and Operations management processes. The Senior Manager, Information Security Compliance is a business enabler for the IT teams who helps shepherd and embed security into College Board systems. In this role, you will build partnerships with the Information Technology and Operations teams to successfully achieve higher level GRC related goals and objectives while maintaining industry compliance activities. The role requires regular interaction with the Information Security Office (ISO) so previous experience within an Information Security department where you performed audits, risk scoring, security controls assessments, or security compliance activities is a must.
This is a hands-on role where the Senior Manager, Information Security Compliance must work with a combination of executives, technical and non-technical staff to:
- Support the Director of Information Security Compliance in building a modernized security function within the College Board.
2. Support and shepherd information security compliance related activities.
3. Serve as a compliance subject matter expert on ISO 27001, SOC and PCI-DSS based control requirements
4. Support College Board’s modernization activities including the move to cloud-based services.
5. Achieve a robust security compliance program
A successful candidate will have a solid understanding of security compliance processes and minimizing non-value-added security activities. Previous experience with assessment and authorization (A&A) or certification and accreditation (C&A) processes for a large enterprise will be extremely helpful in this role. However, the ideal candidate will demonstrate understanding of security framework commonalities with a deep understanding of tailoring the security controls.
The candidate will be a great team player with flexibility to help out wherever needed. The candidate will be open to learning with a demonstrated ability to work with multiple security compliance frameworks and developing cross-walks and inheritance models to best implement security controls across the enterprise. We are seeking someone who is truly passionate about information security practices and who will achieve results while maintaining a high velocity of activity across the ISGRC function. The ideal candidate will be experienced with agile development methodologies and able to support agile processes throughout the compliance team.
What you’ll do
- Supports and enables the College Board’s security compliance programs
- Provides subject matter expertise in security compliance activities and requirements
- Develops security compliance reports while performing tracking activities
- Interprets compliance deficiencies and enables IT teams to incorporate the full spectrum of security compliance requirements into their build efforts
- Performs documentation updates and develops security compliance artifacts
- Works with the Director of Information Security Compliance to translate security framework requirements into actionable, tailored, and appropriate compliance requirements for the enterprise
- Communicates statuses and gently shepherds compliance activities throughout the enterprise Acts as an advocate of information security, GRC, and privacy programs across the organization.
Presents ongoing status and compliance tracking of the College Board’s information security compliance program to the Director of Information Security Compliance and the Executive Director of ISGRC
- Provides expert-level analysis of compliance requirements to ensure that the College Board’s industry certification programs are continuously improved
- Collaborates closely with other departments to ensure that the information security compliance requirements are met.
- Maintains compliance documentation to support ISO 27001, SOC, PCI-DSS and similar compliance requirements
- Supports automated compliance tools and capabilities such as Archer, Rsam, DM 360 or similar.
- Report and escalate security weaknesses and issues to management as needed
- Manages relationships with the IT, Information Security Office, and other stakeholders
- Other duties as assigned.
- Bachelor’s Degree in Business, Management, Computer Sciences, or equivalent prior work experience in a related field. (Master’s degree preferred)
- Minimum five (7) to (10) years in a computer related field, with at least five (7) in Information Security or a security compliance function in an enterprise setting
- Demonstrated competency in information security compliance activities for a cross-functional environment and with the proven ability to support compliance activities for technical teams is required.
- Excellent client-facing and internal communication skills
- Strong experience with multiple security compliance frameworks and a basic understanding of risk management techniques
- Deep understanding of information security compliance requirements from frameworks such as ISO 27001, COBIT, NIST, NIST 800-53, etc.
- Current Information Security Certification (e.g., CISSP, CISM, PCI-ISA, CISA or related security certification) preferred or the ability to attain one within 6 months of hire.
More about you
- Willingness/ability to work off-shifts (evening, night-time, weekend) as needed or required.
- Basic working knowledge of multiple operating systems: Windows Server 2008/2012; Windows 7/8/10; Linux; and their implementation in AWS or Azure
- Ability to work effectively in both an independent and team environment.
- Experience with performing short term planning sessions.
- Must have the ability to understand technical concepts and communicate security-related concepts to a broad range of technical and non-technical staff, security vendors, consultants and senior management.
- Possesses strong interpersonal and management skills.
- Experience with security risk management programs.
- Ability to gently influence security compliance thinking and business approaches
- Excellent oral and written communication skills, with the ability to present and discuss technical information in a way that establishes rapport, persuades others, and gains understanding.
- Confidence and supportiveness as a member of security teams in working with business users in a cross-functional environment.
- Knowledge and understanding of application, database, and OS level security.
- Excellent problem solving and analytical ability.
- Requires use of a wireless handheld device with messaging capability.
We offer our employees an outstanding benefits package which includes 4 weeks of paid time off, a generous retirement savings plan, tuition reimbursement and ongoing professional development and training.
Our mission is to clear a path for all students to own their future.
The College Board is committed to diversity in the workplace and is an Equal Opportunity Employer. The College Board participates in E-Verify, a service of DHS and SSA, where required. Please understand that only qualified applicants will be contacted.