Job Title: Sr. Associate, Security Policy and Standards
Job Location: United States, Remote

Description:

Searching for a senior information security policy analyst that will drive the development, collaboration, editing, review, approval and publication of process and policy documentation in support of our core security initiatives and services. Primary focus will be on the development of process documentation and cyber security related policies/standards/directives. Responsible for independently authoring information security policies, standards and procedures following established document formats/templates. Broadly socialize draft policies, standards, and procedures documents to solicit feedback from key internal and external stakeholders, driving updates and maintaining version control. Establish and adhere to quality control standards for creating and internally publishing information security policies, standards, and procedures for the company. Communicate with internal and external stakeholders about information security policies, standards, and procedures.

This position requires the ability to travel internationally ~15% - 30%.

Key Areas of Responsibility:

• Serves as an information security liaison to cross-departmental stakeholders in connection with business activities, establishing solutions that integrate security requirements with business priorities.
• Under general supervision, writes a wide variety of documents including formal policies and procedures, process flow maps, how-to guides, job-aides and reference manuals, cheat sheets, and instructions in a clear, accurate, and succinct manner.
• Reviews current policy and procedure documents for thoroughness. Drafts and submits improvement recommendations to appropriate approver and/or subject matter expert(s) for review. Edits and submits final documents using appropriate systems and processes.
• Conducts security related risk assessments (e.g., Policy/Procedure Review, Operational Review, Vendor Review, Contract Review, InfoSec Audit) to understand the risk landscape and to target mitigation steps.
• Communicates with information security leadership and business stakeholders on issues raised during all reviews. Assists with development of action plans for issues/gaps identified during reviews and works with stakeholders to determine appropriate monitoring and testing routines.
• Monitors developments to maintain knowledge of current information security issues, ensuring ongoing compliance with requirements from laws, regulations, and global standards.
• Performs other duties and projects as assigned.

Qualifications:

• Bachelor's Degree in information security, business administration, or related area preferred and a minimum of four (4) years' experience in one or more of the various information security related disciplines (e.g., policy, governance, risk management, compliance, records management).
• Bachelor's degree in an IT or business field preferred, particularly with an emphasis on cybersecurity.
• Possible certifications preferences include U.S. Certified Information Privacy Professional (CIPP/US), Certified Information Privacy Manager (CIPM), Certified Information Privacy Technologist (CIPT), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Controls (CRISC).
• Demonstrates knowledge of, adherence to, monitoring and responsibility for compliance with federal, state, and other laws as they pertain to this position.
• Demonstrates basic understanding of data protection laws and regulations, fair information practices, core data protection principles, and information security related frameworks.
• Proven project management skills with the ability to manage multiple work streams.
• Relationship building skills and the ability to influence and communicate related concepts to technical and non-technical staff.
• Tactical thinking skills, creative problem solving, and analytical skills.
• Effective organizational and time management skills.
• Exceptional verbal, written and interpersonal communication skills.
• Advanced skills in computer terminal and personal computer operation; Microsoft Office applications including but not limited to: Word, Excel, PowerPoint, and Outlook.
• Ability to make decisions that have moderate impact on the immediate work unit and cross functional departments.