Sr. Manager of Client Security Solutions/BISO JT2LH

Sr. Manager of Client Security Solutions- Remote

Job Description

iSphere is currently seeking a highly motivated and experienced Sr. Manager of Client Security Solutions.  This role will serve as a senior leader within the Information Security team reporting directly to the Senior Vice President, Chief Information Security Officer.  The Sr. Manager of Client Security Solutions is responsible for understanding the current security posture of the organization’s Clients, Client facing systems and processes globally. While performing this work, the individual catalogs and analyzes client-required or requested security practices, allowing Global IT to select improvements to security practices that make the company more competitive. In responding to the complex client requests (MSAs and Questionnaires) will work with legal, compliance and support teams to effectively respond back with compliance with privacy regulations (i.e. GDPR). 

1.2 Responsibilities:

In the role of the Sr. Manager, Client Security Solutions you will:

• Be the primary leader to support various Client security needs and solutioning with the business to achieve and maintain Client security compliance.  
• Coordinate client focused security needs across the CISO office to bring in resources as needed.
• Participate with other business areas on reviews of Client security requirements and solutioning.
• Develop and execute Client security reporting as required by the business.
• Interface regularly with the business and Client representatives on security matters. 
• Participate in evaluations of security technologies for fits in the business to achieve security requirements and controls.
• Lead or participate in various security, privacy, risk management, and other initiatives.
• Determine, measure, and agree on actions to close "risk gaps" working with appropriate management and client representatives.
• Strong advocate of IT Security across the Business and Clients ensuring that any recommendations are appropriate and proportionate to the value of the data.
• Build and socialize an IT Security service catalogue that can be used to enable clients and the business to identify appropriate controls to protect their data.
• Lead efforts of SOC2 assessments for Client driven systems as required by the business
• Maintain knowledge of, and contribute to, IT General Controls, EU privacy controls, Cyber Essentials, IT compliance controls (SOX, SOC1, SOC2, etc.), and ISO 27000 security controls.
• Review technical architecture(s) diagrams for security posture, to ensure they meet organizational standards.
• Maintain current assessments of organization’s current global security posture, particularly with respect to client-related information services, using the associated questionnaires and tools.
• Work with teams to develop standard responses for client security questionnaires, particularly those based on the Shared Assessments methodology, for use in building a scalable response process.
• Participate in programs to acquire security certifications or attestations related to client services.
• Work with auditors and vendors who support security and privacy maturity development, and with internal and external auditors.

Required Qualifications:

• Bachelor's Degree in Business, Computer Science, Information Security, or related field from an accredited college
• 6 – 10 or more years’ experience in an IT Risk and/or IT Audit positions
• Experience with IT risk standards and industry best practice approaches, such as ISO 27001 / 2, CoBIT, COSO, ITIL, etc.
• Knowledge of risk assessment methodologies, IT policies and standards, awareness and training.  
• Knowledge of, and in-depth experience with, more than one major IT discipline (e.g., distributed computing, networks, financial applications design and development, IT security and business recovery).  
• Knowledge of Shared Assessments methodology.
• Maintain understanding of cloud computing and innovation in operational technology
• Knowledge of IT processes and development life cycle
• Experience in information security, governance and privacy
• Strong level of experience using the MS suite of Products.

Preferred Qualifications:

• A Master’s degree from an accredited college or university 
• Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or equivalent is preferred
• One or more of the following additional Information Security certifications are preferred: ITIL, CISA, CISM, GMON, CISSP, GSNA, CRISC, GSE, CCSP, CHFI.
• Experience with a GRC system highly desirable.