Information Security GRC Leader

Employer: AARP
Location: Washington, DC
Posted: Jan 01, 2023
Closes: Jan 31, 2023
Ref: 3861
Industry: Security
Hours: Full Time

Overview

AARP is the nation's largest nonprofit, nonpartisan organization dedicated to empowering people 50 and older to choose how they live as they age. With a nationwide presence and nearly 38 million members, AARP strengthens communities and advocates for what matters most to families: health security, financial stability and personal fulfillment. AARP also produces the nation's largest circulation publications: AARP The Magazine and AARP Bulletin.

Information Technology Services is responsible for AARP enterprise-wide technology and information security functions. Services range from infrastructure design and operations, system and software lifecycle implementations, enabling the mobile workforce and protecting AARP network, systems and data. A variety of technologies and practices are used including cloud computing, automation, artificial intelligence and machine learning within highly collaborative Agile teams.

The Information Security GRC Leader is the servant leader on a practice team responsible for the strategies, outcomes, metrics, and alignment to industry and enterprise frameworks. This position is accountable for creating and socializing the practice strategy and associated outcomes within the enterprise and will be expected to deliver incremental business value in an agile environment. The Information Security GRC Leader must be a multi-faceted specialist able to create a meaningful practice, orchestrate a variety of stakeholders to define shared priorities, and build a sense of ownership within the team.

Responsibilities

  • Drives the alignment, adoption and compliance of organizational policies, standards, guidelines, and processes to selected enterprise or industry frameworks, such as CIS Critical Security Controls or Scaled Agile Framework (SAFe).
  • Owns the creation of appropriate metrics, tools and systems to measure maturity of the enterprise, department, and/or teams against selected framework.
  • Collaborates with internal and external stakeholders as well as platform and capability teams to determine the impact of current practice maturity and negotiates tradeoffs needed to mature the practice.
  • Leads, manages, and mentors the practice team to design, deliver, and implement initiatives that improve enterprise, department, and/or team maturity using an agile approach.
  • Prioritizes the team's backlog.
  • Conducts data-driven analysis and reviews and analyzes performance to drive decisions that deliver business value.
  • Develops and applies practice knowledge and expertise related to domain area systems, solutions, services and applications.

Qualifications

  • Bachelor's degree or equivalent in Information Technology, Computer Science, Engineering or related field.
  • 10+ years of IT policy, security controls, and compliance experience in information security with expertise in at least one cybersecurity framework (e.g., CIS CSC, NIST CSF, NIST 800-53, ISO 27001, etc.)
  • At least one year of product management experience and experience managing teams using an agile methodology, such as Scrum or Kanban.
  • Experience managing and growing engineering and delivery talent on the team and can effectively manage individual and team performance.
  • Experience conducting market research and analysis on practice capabilities and industry trends.
  • Experience identifying and prioritizing cybersecurity risks using assessments, penetration tests, and vulnerability scanning, as well as effective risk mitigation strategies.
  • Deep knowledge of Payment Card Industry (PCI) Data Security Standards (DSS), third-party security risk management, and cybersecurity controls.

Physical/Mental Demands

  • Regular and reliable job attendance.
  • Effective verbal and written communication skills.
  • Exhibit respect and understanding of others to maintain professional relationships.
  • Independent judgement and discretion requiring the employee to compare and evaluate various courses of conduct and make a decision (or recommend a decision to be made) after various possibilities have been considered.
  • In office/open office environment with the ability to work effectively surrounded by moderate noise.

Flexible Work Arrangement (FWA)

AARP observes Mondays and Fridays as telecommuting workdays, except for essential functions. Remote work and telecommuting can only be done within the United States and its territories.

Compensation and Benefits

AARP offers a competitive compensation and benefits package including a 401(k); 100% company-funded pension plan; health, dental, and vision plans; life insurance; paid time off to include company and individual holidays, vacation, sick, caregiving, and parental leave; performance-based and peer-based recognition; tuition reimbursement; among others.

Equal Employment Opportunity

AARP is an equal opportunity employer committed to hiring a diverse workforce and sustaining an inclusive culture. AARP does not discriminate on the basis of race, ethnicity, religion, sex, color, national origin, age, sexual orientation, gender identity or expression, mental or physical disability, genetic information, veteran status, or on any other basis prohibited by applicable law.