The ICG Information Security (IS) group is looking for a skilled Technical Program Manager to manage the Component Vulnerability Management (CVM) Program, which identifies the security risk posed by known vulnerabilities in third-party and open-source components used in applications across the enterprise. BlackDuck is the main tool the CVM program uses for software composition analysis (SCA) to identify vulnerable open-source components within third-party libraries. The successful candidate must have strong technical skills and strong oral and written communication skills, and must be able to inform and influence a broad range of stakeholders.
Information Security is a critical IT Risk Management activity that is regulated by the Government and is mandated by Corporate and Sector policy. The ICG IS Program Manager will be responsible for ensuring effective ongoing program governance, reporting, and escalation. This role will report to the ICG Information Security Program Lead and work with the business-embedded Global Information Security Officers and the respective Development Organizations to meet ongoing program milestones. This role will also assist with the implementation of new IS/IT Risk Management processes and help identify opportunities for process improvements.
• Manage the CVM Program to its deliverables and milestones, maintaining a no-surprises culture.
• Work with the business-embedded ISOs and Application Managers to manage and track CVM Findings in compliance with Policies and Standards.
• Manage the CVM Program within defined Metrics & Reporting Thresholds.
• Act as the liaison between the Application Managers/Control Teams and the Technology infrastructure VA Team to resolve any identified issues.
• Ensure that critical IT risk issues are communicated to and reviewed by appropriate levels of management.
• Deliver key IT Risk Management program deliverables, whether deemed a fire drill or Business As Usual (BAU).
• Ensure that critical IT control processes conform to standards and provide appropriate reporting.
• Monitor applicability and changes to internal policies and adjust approach as required. This may entail adjusting existing reports, creating new reports, and changing approach in dealing with end users.
• Provide guidance and coordination with other corporate groups around approaches, solutions and best practices in governance, information risk management, program development and security compliance.
• Maintain a core competency in IT security, regulatory compliance and data privacy issues. Ensure that standards of risk management and control are applied throughout the organization.
• Measure and report on the effectiveness and efficiency of IT Risk Management activities to management.
• Liaise with, consult and provide leadership to the business on technical security issues, standards, program development, security training/awareness and information protection best practices.
• Assist in ensuring alignment of IT security architecture, policies, procedures and standards with the corporate risk profile.
• Assist in the development of a reporting framework and process, citing results and establishing recommendations and timelines to improve overall IT security within ICG.
• Assist in the development of a framework and process responsible for assessing information risks and creating corresponding mitigation plans.
• Monitor applicability and changes to internal and external regulations affecting technology, information protection and risk.
• Ensure communication of key Information Security strategies and plans to the ICG organization.
• A confident, dynamic individual capable of working with both technology and business contacts in a constantly evolving environment.
• Strong technical skills.
• Ability to remain calm under pressure when faced with difficult or urgent issues and competing priorities.
• Undergraduate degree required.
• MS Office skills required.
• CISSP and/or CISM required.
• Information Security and Program Management delivery experience.
• Experience in the banking industry.
• Good communication skills, both orally and written.
• Good organization skills.
• Ability to work with development organizations to develop solutions to security issues.
• Advanced analytical and problem solving skills with the ability to present data in a format that facilitates senior management decision making.
• Strong time management with the ability to remain calm under pressure and meet deadlines.
• Ability to multi-task and work independently with a virtual team against tight timelines.
• Comfortable working as part of a global team across multiple countries, cultures and time zones.
• Passionate about information security and welcomes a challenge.
• Focused on considering business enablement while reaching balanced information risk judgments.
• Adept at presenting mathematical and numerical data in a format that facilitates senior management decision making.
• Good time management skills.
• Self-motivated, demonstrating a high level of drive, energy and initiative.
• Customer-oriented, resourceful and enthusiastic.
cissp, cism, information security, program management, banking, MS office, Component Vulnerability Management, CVM, risks, third party risk, vulnerabilities, Black duck, governance, Embedded ISOs, compliance