Information Security PMO Analyst
|Reference # :|20-00587|
|Title :|Information Security PMO Analyst|
|Location :|Tampa, FL|
|Position Type :|Contract|
|Experience Level :||
|Start Date / End Date :|06/01/2020 / 05/31/2021|
The Institutional Clients Group Information Security is a critical IT risk management activity that is regulated by the Government and mandated by Corporate and Sector policy. The Chief Information Security Office (CISO) ensures that Client is fully compliant with the Major Global Bank's Information Security program, policies and standards. CISO is tasked to protect the confidentiality, integrity and availability of the information and information systems under Client's control. It helps Client businesses to identify vulnerabilities and threats to information resources and to implement appropriate controls that mitigate risk to an acceptable level based on the value of that information resource to the organization.
The Client Information Security (IS) group is looking for a skilled Technical Program Manager to assist in the management of the Component Vulnerability Management (CVM) Program which identifies security risks of known 3rd party and open source vulnerabilities within applications across the Client enterprise. BlackDuck is the main tool the CVM program uses for software composition analysis to identify vulnerable open source in 3rd party libraries. The successful candidate must have good technical skills, good oral and written communication skills and be able to inform and influence a broad range of stakeholders.
Information Security is a critical IT Risk Management activity that is regulated by the Government and is mandated by Corporate and Sector policy. The Client IS Program Manager will be responsible for ensuring effective ongoing program governance, reporting, and escalation. This role will report to the ICG Information Security Program Lead and work with the business-embedded Global Information Security Officers and the respective Development Organizations to meet ongoing program milestones. This role will also assist with the implementation of new IS/IT Risk Management processes and help identify opportunities for process improvements.
- Assist in managing the CVM Program against program deliverables and milestones, and in maintaining a "no surprise" culture.
- Help the business-embedded ISOs and Application Managers to manage and track CVM Findings in compliance with Client's Policies and Standards.
- Assist in managing the CVM Program against defined Metrics & Reporting Thresholds.
- Act as the liaison between the Application Managers/Control Teams and the Client Technology infrastructure (CTI) VA Team to resolve any identified issues.
- Help to ensure that critical IT risk issues are communicated to and reviewed by appropriate levels of management.
- Assist with the delivery of key IT Risk Management program deliverables whether deemed a fire drill or Business As Usual (BAU).
- Help to ensure that critical IT control processes conform to standards and provide appropriate reporting.
- Assist in monitoring applicability and changes to internal policies and adjust approach as required. This may entail adjusting existing reports, creating new reports, and changing approach in dealing with end users.
- Provide guidance and coordination with other corporate groups around approaches, solutions and best practices in governance, information risk management, program development and security compliance.
- Help to measure and report on the effectiveness and efficiency of IT Risk Management activities to management.
- Liaise, consult and help in providing leadership to the business with technical security issues, standards, program development, security training/awareness and information protection best practices.
- Assist in ensuring alignment of IT security architecture, policies, procedures and standards with the corporate risk profile.
- Assist in the development of a reporting framework and process, citing results and establishing recommendations and timelines to improve overall IT security within ICG.
- Assist in the development of a framework and process responsible for assessing information risks and creating corresponding mitigation plans.
- Help to monitor applicability and changes to internal and external regulations affecting technology, information protection and risk.
- Help to ensure communication of key Information Security strategies and plans to the ICG organization.
- Capable of working with both technology and business contacts in a constantly evolving environment.
- Good Technical Skills.
- Ability to remain calm under pressure when faced with difficult or urgent issues and competing priorities.
- Undergraduate degree required.
- Microsoft Office skills required.
- CISSP and/or CISM a plus.
- Information Security and Program Management delivery experience.
- Experience in the banking industry.
- Good communication skills, both oral and written.
- Good organization skills.
- Ability to work with development organizations to develop solutions to security issues.
- Good analytical and problem solving skills with the ability to present data in a format that facilitates senior management decision making.
- Good time management skills with the ability to remain calm under pressure and meet deadlines.
- Ability to multi-task and work independently with a virtual team against tight timelines.
- Comfortable working as part of a global team across multiple countries, cultures and time zones.
- Passionate about information security and welcomes a challenge.
- Focused on considering business enablement while reaching balanced information risk judgments.
- Adept at presenting mathematical and numerical data in a format that facilitates senior management decision making.
- Good time management skills.
- Self-motivated and demonstrates a high level of drive, energy and initiative.
- Customer-oriented, resourceful and enthusiastic.