Overview

AARP is the nation's largest nonprofit, nonpartisan organization dedicated to empowering people 50 and older to choose how they live as they age. With a nationwide presence, AARP strengthens communities and advocates for what matters most to the more than 100 million Americans 50-plus and their families: health security, financial stability and personal fulfillment. AARP also produces the nation's largest circulation publications: AARP The Magazine and AARP Bulletin.

Information Technology Services is responsible for AARP enterprise-wide technology and information security functions. Services range from infrastructure design and operations, system and software lifecycle implementations, enabling the mobile workforce and protecting AARP network, systems and data. A variety of technologies and practices are used including cloud computing, automation, artificial intelligence and machine learning within highly collaborative Agile teams.

The InfoSec Third Party Risk Manager manages, plans, and assesses oversight of information security controls. Drives risk and information security control implementation projects, which may include operational, regulatory, or compliance components, providing subject matter expertise for information security control implementation to the organization. Advises management on information security controls and alignment with information security frameworks, internal policies and procedures, and applicable laws and regulations. The InfoSec Third Party Risk Manager oversees the implementation of methodologies to track risks and control alignment, including technology solutions, and the documentation, awareness, and training necessary for the effective use of such technologies. Executes special projects for senior management.

Responsibilities

• Assists and/or leads training and education sessions on emerging risks and information security controls to mitigate those risks for the benefit of the department and organization.
• Collaborates with other organization personnel to identify and implement controls and/or process improvements to reduce risk, including solutions to manage risks more effectively in support of the business unit or organization's goals.
• Communicates alignment of information security controls with established frameworks to business owners, managers, and executives in an understandable and compelling way to drive risk-mitigation adoption.
• Plans, leads, manages, and executes risk-based assessments of information security controls, working collaboratively with management to identify and mitigate top risks.
• Provides leadership and guidance for co-sourced subject matter experts and staff to deliver consistent and exceptional client service in execution of information security control assessments and risk and controls advisory projects.
• Serves as operational liaison across the organization portfolio of companies to manage and mitigate information security risks in a consistent manner, sharing lessons learned and identifying areas of risks for risk mitigation.
• Stays abreast of current and emerging operational and regulatory risks and assesses the risk's relevance to the organization and its operations to continuously prepare and protect the organization.
• Defines work using agile frameworks and practices and in alignment with information security GRC outcomes.

Qualifications

• Bachelor's degree or equivalent in Information Technology, Computer Science, Engineering or related field.
• 3+ years assessing and providing implementation guidance for an organization's third-party risk management program and delivering value-added third-party risk management metrics to diverse organizational audiences.
• 7+ years experience working in and/or managing Information Security Governance, Risk, and Compliance functions.
• Experience providing oversight and management of the Third-Party Security Program (TSP) including the management of contractor staff and vendors, achievement of program milestones, and management of the TSP budget.
• Collaborate with organizational units to communicate program goals, identify and remediate program issues, provide guidance and direction, and integrate TSP processes into organizational processes to enhance program maturity and efficiency. Demonstrated ability to direct cross-functional teams to implement and enforce the TSP.
• Manage program metrics in combination with business unit insights to identify and address third party security risks.
• Experience developing and implementing information security control frameworks tailored to an organization preferred.
• Proven ability to coordinate disparate information sources and drive results.
• Strong written and verbal communication skills with demonstrated experience translating complex, technical topics into simple, understandable terms.
• Progressive IT and security program management experience and use of agile delivery methodologies, including Scrum and Kanban.

Additional Requirements

• Regular and reliable job attendance.
• Exhibit respect and understanding of others to maintain professional relationships.
• Independent judgement in evaluation options to make sound decisions.
• Home office environment with the ability to work effectively surrounded by moderate home environment noise.

Flexible Work Arrangement (FWA)

AARP observes Mondays and Fridays as telecommuting workdays, except for essential functions. Remote work and telecommuting can only be done within the United States and its territories.

Compensation and Benefits

AARP offers a competitive compensation and benefits package including a 401(k); 100% company-funded pension plan; health, dental, and vision plans; life insurance; paid time off to include company and individual holidays, vacation, sick, caregiving, and parental leave; performance-based and peer-based recognition; tuition reimbursement; among others.

For this position, we anticipate offering a salary between $144,000 to $168,000 per year. This role is also eligible to participate in an annual incentive plan with a percentage up to 12%. Bonus eligibility is dependent upon organizational and individual performance.

Equal Employment Opportunity

AARP is an equal opportunity employer committed to hiring a diverse workforce and sustaining an inclusive culture. AARP does not discriminate on the basis of race, ethnicity, religion, sex, color, national origin, age, sexual orientation, gender identity or expression, mental or physical disability, genetic information, veteran status, or on any other basis prohibited by applicable law.