RSA - Senior Information Security & Privacy GRC

RSA - Senior Information Security & Privacy GRC

As organizations across the globe transform to meet the rapidly evolving demands of the post-pandemic world, cybersecurity has become the bedrock of today’s digital economy. Nowhere is this more critical than in securing the identities of the employees, external users, and customers that drive the modern digital business. RSA is the most recognized and trusted brand in Identity Assurance with more than 12,000 customers, including 90% of the Fortune 500. For over 35 years, RSA has pioneered many of the encryption, authentication and identity federation technologies that still power the Internet today. And now RSA is transforming the industry yet again, paving the way for the future of digital Identity through next-generation SaaS-powered Identity Assurance and a frictionless, mobile-optimized experience for the modern workforce. If you are a self-motivated team player looking for a fast-paced challenge doing something that truly matters, come join our winning team!

Be part of the RSA Security & Risk Office (SRO) as we are seeking a Sr. Advisor Governance Risk & Compliance (GRC) & Customer Assurance. The role supports our security awareness program, policy & standard management, annual security audits and provides outbound assurance of RSA security practices to customers. This role will be accountable for the day-to-day management of our GRC practices reporting directly to the CISO. The Sr. Advisor will partner with cybersecurity, operations, sales, product management and engineering to maintain and facilitate the creation of customer facing security deliverables such as the Standard Information Gathering (SIG) and responses, a repository of standard responses, perform Security & Resiliency customer legal term reviews, and be knowledgeable regarding RSA’s controls framework.

Key Responsibilities:

•  Assist with the management of security policies, standards, and procedures in alignment with the NIST framework and customer contractual obligations
•  Capture, document and manage information security risks, ensuring risk acceptance or risk remediation plans are documented
•  Respond to RSA customer requests regarding security and resiliency posture and practices, supporting new business and customer retention
•  Enhance the portfolio of sales / customer consumable materials that describe the security and resiliency posture within RSA
•  Develop tools and processes and contribute to a library of responses to respond to customer security questionnaires, ensuring accurate and effective responses are provided in a timely manner to customer requests
•  Act as an expert resource in the negotiation of acceptable Information Security contract provisions/language with customer and internal legal teams
•  Facilitate audit activities with external audit firms and internal resources for SOC 2 Type II, ISO 27001/2and customer audit engagements
•  Effectively manage, track and resolve findings and issues arising from external or customer audits alongside accountable service delivery teams
•  Facilitate annual business continuity plan maintenance and exercises, creating a customer facing executive summary
•  Partner with corporate communications to publish regular SRO companywide security awareness campaigns, general department news and security advisories
•  Update and maintain Security Program content on internal SRO intranet site
•  Support SRO KPI Metrics program for cross functional metric reporting and analysis

Requirements:

•  Bachelors degree or equivalent experience in Information Security, Cyber Security, Risk Management, 3rd Party Risk or similar disciplines preferred
•  8+ years overall professional experience, ideally in a technology setting. 
•  5+ years of current IT Audit, IT Risk Management and/or Governance Risk & Compliance experience  
•  Working knowledge of some of the following control frameworks NIST 800-53, NIST CSF, ISO 27001/27002, EU GDPR, PCI-DSS
•  Hands-on experience performing security control assessments utilizing established industry frameworks. 
•  Ability to interpret, translate and negotiate with both technical and non-technical personnel information security control modifications and/or remediation progress plan milestones. 
•  Possess strong customer service skills, with the ability to work well independently, with minimal oversight. 
•  Ability to interpret security contract legal terminology, with the assistance of legal resources to determine appropriate responses or modifications to standard security terms.
• Strong verbal and written communications skills in English are   
• Given the diverse locations of our team members, the ability to work effectively globally and cross-functionally is critical. 
•  Professional certifications in governance, risk & compliance, security, or resiliency such as CISA, CRISC, CISM, ISA/QSA, PCIP, CISSP are preferred but not required

RSA is committed to the principle of equal employment opportunity for all employees and applicants for employment and to providing employees with a work environment free of discrimination and harassment. All qualified applicants will receive consideration for employment without regard to race, color, and any other category protected by applicable country law.

If you need a reasonable accommodation during the application process, please contact the RSA Talent Acquisition Team at rsa.global.talent.acquisition@rsa.com. RSA and its approved consultants will never ask you for a fee to process or consider your application for a career with RSA. RSA reserves the right to amend or withdraw any job posting at any time, including prior to the advertised closing date.