Information Security & Risk Management Manager
700 Main St, Greater Boston Area, Massachusetts 02139
Position Title: Information Security & Risk Management Manager
Job Location: Greater Boston Area
Duration: 12 months
Interview Expectations: Phone and In Person Required
Required: 5 years of hands-on experience in risk, compliance, and GMP. Wants someone who understands compliance in a regulated environment.
- The Information Security & Risk Management (IS&RM) manager is responsible for providing the leadership, innovation, governance, and management necessary to identify, evaluate, mitigate, and monitor operational and strategic risks.
- The IS&RM manager is functionally responsible for ensuring that the Information Security and Risk Management program is aligned and compliant with the corporate (Group) IGM strategy, the IGM policy framework, laws and regulations, and best-in-class industry standards.
- The IS&RM manager helps to ensure the alignment and execution of the IGM strategy and road map through the execution of the IGM Policy Framework within the environment.
- The IS&RM manager ensures that tools, practices, and processes are in place to analyze, report, and manage risks within the environment and that the risk management position and strategies are in compliance with applicable regulations and strategic imperatives of the organization.
- Provides governance of operational risk management activities of the organization.
- Monitors and analyzes risks within the environment and reports on these risks to the Head of IS&RM and NX Senior Leadership Team (SLT).
- Provides key inputs to, and collaborates with, various risk/compliance departments (e.g., Quality Management, Data Integrity, Ethics & Compliance, Cyber Security, Privacy/Legal, Records Management, etc.).
- Systematically supports the implementation and monitoring of the IGM Policy Framework to ensure that the integrity, confidentiality and availability of information owned, controlled, and/or processed by the Organization is assured.
- Assists in the formulation and creation of documents, and maintains the overall IS&RM strategy for the Organization following the defined Governance Structure.
- Assumes responsibility for managing budgeting, accounting, and charging requirements.
- Ensures the continued provision and development of skilled and capable people to support IS&RM.
For IS&RM owned Processes:
- Actively participates in the sponsorship, design and management of IS&RM process and metrics to ensure a robust and effective organization.
- Validates that all the activities necessary to design, develop, deploy, operate and retire IT services satisfy IGM requirements.
- Assumes responsibility for the optimal design, delivery and deployment of processes, practices and other activities to ensure security of information throughout its lifecycle.
- Responsible for managing information risks (threats, vulnerabilities, and impact). This includes assessing threats to, and vulnerabilities of, information and information systems, and evaluating the likelihood and impact of those threats being realized.
- At least 5 years of working experience, including 5 years in Information Security management and/or Quality Management and/or Risk Management
- Demonstrated leadership skills: more than 5 years' experience in mid-level management positions in a matrix organization
- Experienced IT manager or Corporate Information (or IT) Security Officer with broad and in-depth technical, analytical, and conceptual skills as well as mature risk management and governance experience
- Experience in reporting to and communicating with senior management (with and without IT background, with and without in depth risk management background) on information risk topics
- Excellent written and verbal communication and presentation skills; interpersonal and collaborative skills; and the ability to communicate information risk-related concepts to technical as well as non-technical audiences, and to audiences with a strong risk management profile as well as those with a less pronounced one.
- University-level working and thinking ability
- Degree in business/technical/scientific area or comparable education/experience
- Professional information security certification, such as CISSP