Senior Advisor, Information Security - GRC/TVM

Employer: AARP
Location: Washington, DC
Posted: Aug 11, 2019
Closes: Sep 10, 2019
Ref: 12460213
Function: IT, Security Engineer
Industry: Security
Hours: Full Time
Business Unit Description

AARP is a nonprofit, nonpartisan organization, with a membership of nearly 38 million that helps people turn their goals and dreams into 'Real Possibilities' by changing the way America defines aging. With staffed offices in all 50 states, the District of Columbia, Puerto Rico, and the U.S. Virgin Islands, AARP works to strengthen communities and promote the issues that matter most to families such as healthcare security, financial security and personal fulfillment. AARP also advocates for individuals in the marketplace by selecting products and services of high quality and value to carry the AARP name. As a trusted source for news and information, AARP produces the world's largest circulation magazine, AARP The Magazine and AARP Bulletin.

Information Technology Solutions (ITS) is AARP's technology leader in positive social change and member value, enabling a more effective workforce and globally connecting employees, members, volunteers, partners and advocates to maximize engagement.

Summary

Develops strategy and oversight to ensure AARP's applications and infrastructure are designed, built, and implemented to the highest security standards to meet and exceed constituents' expectations of security and privacy. Oversees the Governance, Risk, and Compliance (GRC) and Threat and Vulnerability Management (TVM) programs and will be expected to establish the programs' long-term strategy and vision, oversee the execution of all initiatives related to the programs, and align with the overall objectives of the organization.

Responsibilities
  1. Identifies security gaps and risks and develops mitigation plans.
  2. Leads the GRC program and associated reporting, risk discovery, and risk prioritization efforts.
  3. Leads the Threat and Vulnerability Management program, including oversight of third parties managing daily TVM activities, such as scanning, reporting, and remediation.
  4. Leads the development and interpretation of security policies and procedures.
  5. Provides quantitative risk insights to senior management to ensure data-driven decision making for future investments and initiatives.
  6. Evaluates the design and effectiveness of the information security control environment, both operational and technical.
  7. Assists in security compliance efforts (e.g., CIS-CSC) and anticipates new compliance requirements.
  8. Works closely with legal, compliance, finance, and internal audit on issues and projects.
  9. Evaluates and recommends new and emerging security products and technologies.
  10. Stays current on emerging security threats, vulnerabilities, and controls.
  11. Evangelizes security within AARP and serves as an advocate for member trust.
  12. Engages with business unit stakeholders and partners to identify information security solutions required to meet organizational, regulatory, and strategic security requirements and objectives.
Requirements

Completion of a Bachelor's degree in Computer Science or a related field or equivalent experience in an information security capacity and 5+ years of relevant information security experience, with 2+ years of experience managing a GRC program and 2+ years of experience managing a TVM program. Certification in information security a plus (SANS, GIAC, CISSP, etc.).

Knowledge of information security frameworks, such as ISO 27001/2, NIST, and CSC.

Experience in threat modeling and risk assessment approaches.

Experience managing a TVM program and its associated functions.

Knowledge of quantitative risk measurement processes.

Experience in identifying security risks and driving them to remediation.

Experience with GRC tools, such as RSA Archer.

Extensive experience overseeing the use of security scanning tools, such as Qualys.

Knowledge of information security regulations applicable to AARP organizations, e.g. HIPAA, PCI DSS, and various state/national privacy laws.

Experience developing information security policies, procedures, and standards.

Benefits Offered

AARP offers competitive benefits with a 401K, 100% company-funded pension plan, health, dental, vision and life insurance, STD/LTD, paid vacation and sick leave, and other benefits.

Equal Employment Opportunity

AARP is an equal opportunity employer committed to hiring a diverse workforce and sustaining an inclusive culture. AARP does not discriminate on the basis of race, ethnicity, religion, sex, color, national origin, age, sexual orientation, gender identity or expression, mental or physical disability, genetic information, veteran status, or on any other basis prohibited by applicable law.