Security Policy Manager
- Job Title
- Security Policy Manager
- Job ID
- 956706
- Location
- Detroit, MI
- Other Location
- Description
-
Direct Hire Opportunity!
Position Description/Responsibilities:
Responsibilities include developing, reviewing, and updating IT and Information Security Policies, Standards, and Baselines to protect sensitive data and reduce organizational risk. These documents establish the framework for the organization to comply with financial industry standards and regulations.
Security Policy Manager activities include: - Manage Information Security, Business Continuity, and Information Technology policies and standards
- Manage Information Security and Business Continuity program documents
- Work with Subject Matter Experts to ensure policies and standards are reviewed and updated as necessary
- Work with Compliance partner organizations to ensure policies and standards comply with appropriate industry standards and regulations
- Represent program, policy, and standard document change proposals to senior leadership for formal approval
- Review and update mapping of control standard requirements to authoritative sources in Security GRC tool (RSA Archer)
- Evaluate solutions and assist in maintenance of the Security GRC tool (RSA Archer)
- Review proposed baseline configuration changes for compliance with policies and standards
- Manage and oversee the security exception process
- Oversight of various approval processes (web access, remote desktop, USB access)
- Issue and track policy violations
- Support the Security Architecture and IT Risk & Controls functions by interpreting policy and standard requirements
- Provide consultative services for various groups in IPRM, IT, and other areas of the organization
- Support the annual application assessment process
- Support the Information Security Awareness program
- Support the Information Security Champions program
- Support IT and IPRM groups during audits
- Respond to outside vendor requests for information regarding policies, standards, and baselines
- Provide status reporting and metrics to leadership as required
Qualifications:
- Experience in the banking industry; preferably at a large bank holding company (BHC)
- Understanding of federal banking guidelines/requirements
- Knowledge of:
- Information Security Governance and Awareness practices
- Federal Financial Institutions Examination Council (FFIEC) guidance and work plans
- Recognized information security-related standards such as ISO2700x, COBIT, PCI-DSS
- Compliance aspects of GLBA, EU Data Protection Directive, Sarbanes-Oxley, and other relevant laws and regulations
- Industry designation preferred (e.g., CRISC, CISA, CISSP, CISM)
- BS/BA or equivalent experience required
- Ability to interact with a variety of internal and external people in a professional manner that creates confidence in his/her knowledge and abilities and helps foster mutually satisfactory resolution to risk gaps and issues
- Knowledge and experience in performing assessments aligned with FFIEC work programs
- Analytical and problem solving skills
- Self-motivation and direction
- Detail orientation
- Good organizational skills, ability to establish priorities
- Ability to multi-task, handle competing priorities and follow through on all open items/tasks
- Strong written and oral communications skills including the ability to create organized and articulate summaries of risk assessment findings/points of view that are easily understood by teammates, LOBs, etc.
- Proficiency in Microsoft Word, Excel, & PowerPoint
- Ability to work effectively as a member of a cross-functional team
- Knowledge of IT infrastructure and security
- Minimal travel required (less than 10%)