The Role:
The IVA Governance Lead is pivotal to the Infrastructure Vulnerability Assessments (IVA) Team, responsible for driving governance standards, ensuring stakeholder accountability, and overseeing remediation efforts as they relate to the penetration team's findings. The role offers the chance to work directly with and in support of the Infrastructure Penetration Testing team. The ideal candidate needs a blend of governance expertise and an understanding of penetration testing to manage compliance, maintain governance documentation, and effectively interact with senior leadership in risk-driven dialogue. This person should be a proactive problem solver with excellent interpersonal and communication skills that align with the required qualifications listed below.
Responsibilities
- Maintain and update governance documentation and standards
- Collect and track feedback and approvals from stakeholders and SMEs to ensure comprehensive governance documentation
- Engage with business stakeholders to ensure remediation and compliance timelines are met
- Develop and present actionable metrics and data-enriched reports to various business lines, facilitating informed decision making
- Lead forums, track program performance, and manage updates
- Drive program improvement initiatives working closely with wider VA colleagues to collate and drive requirements
- Partner with senior leadership to communicate governance statuses and potential risks effectively
- Author enhancements to governance processes, gather feedback, and ensure approval and publication
- Manage corrective actions for documented issues and identify new ones as needed
- Mature our security risk processes by working with a broad range of technical and non-technical stakeholders
- Complete additional tasks as assigned by the direct manager or functional head
Qualifications
- 7+ years of enterprise-level governance experience
- Proven ability to manage conflict, provide leadership, and make decisions
- Strong presentation skills and ability to communicate technical risks to non-technical stakeholders
- Experience in vulnerability management and familiarity with pen-testing concepts
- Capable of integrating deep technical knowledge with governance expertise to drive effective risk management
- Experienced in interacting with senior leadership and business stakeholders
- Excellent presentation skills with the ability to convey technical risks to non-technical stakeholders effectively
- Strong familiarity with Vulnerability Assessment tools (e.g., Nessus, Qualys, etc.), OSI model, OS Security (e.g., Unix, Linux, Windows, Cisco, etc.), and Common Protocols (e.g., LDAP, SMTP, DNS, Routing Protocols)
- Proficiency in writing and executing data queries, with a strong understanding of metrics and data analysis techniques
- Knowledge of security assessment methodology and risk management processes
- Strong knowledge of industry standards as they relate to information security management
- Committed to maintaining high standards of confidentiality and integrity
- Excellent attention to detail and strong organizational skills
- Knowledge of risk management processes and business analytics software is a plus
- Experience with or exposure to Web application infrastructure (e.g., Application Servers, Web Servers, Databases) and/or Web development and programming languages (e.g., Python, Perl, Ruby, Java, and/or .NET) is a plus
Education
- Bachelor's Degree in Computer Science/University Degree or equivalent experience
- Master's Degree preferred
- Industry certifications such as CISA, CISSP, CISM, or GIAC are highly preferred
This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.
Information Security | Full time | Fort Lauderdale, Florida, United States | $117,440.00 - $176,160.00
Anticipated Posting Close Date: Jul 16, 2024