Job Description
The Manager of Information Assurance is responsible for identifying and documenting Information Technology (IT) risks, analyzing vendor and supplier risk, sharing the Pillsbury security-related activities with customers, and ensuring Pillsbury’s continued compliance with relevant standards (GDPR, SOC2, SOX etc.). This role’s primary objective is to oversee the enterprise information assurance program.
The Manager plays an important role in the Information Security team's global mission. The manager is a hands-on, high energy, and collaborative leader who can balance the intent of security policies with productivity and value generation. The successful candidate will have deep cybersecurity, technology, audit and risk management expertise, and will work closely with the Director of Security and Continuity. They will be asked to innovate on the existing audit processes and create a modern audit program that reduces the difficulty of complying with multiple audit standards.
This position will also be a key leader in and help continue to mature the existing Third-Party Risk Management (TPRM) program. The manager will lead client information security inquiries, audits and will direct matrix team members as required.
The ideal candidate will create and manage Key Performance Indicators (KPI's) and Key Risk Indicators (KRI's) with the Director of Security and Continuity and the firm Enterprise Risk Management function. This role will be expected to conduct high-level presentations to senior executives, while also being able to communicate on a technical level. The ideal candidate is a highly motived but compassionate leader, who has a strong desire to advance their career and build a high-energy, modern Governance, Risk and Compliance (GRC) program. This role will report to our Director of Security and Continuity.
Responsibilities
Responsibilities include leading a cross-functional team of information security professionals with wide-spread responsibility; coordinating data-driven risk assessments and risk-based analysis of controls; conducting industry benchmarking, regulatory requirement gathering and peer-based analysis of available controls, risk assessment methodologies and risk mitigation practices to assess for coverage gaps.
The Manager will also assist in the development of information security and information technology metrics (e.g. KRIs and KPIs) to continuously monitor and oversee program level risks; provide periodic updates, reports, and recommendations to management, regarding best practice information security and information technology controls, risk assessment and remediation strategies; and advocate for the cyber security program and evoke cooperation across business units.
In addition, the manager will be required to build and maintain relationship with various stakeholders; streamline and create audit efficiencies to manage client audits and other regulatory audit activities; partner with Cybersecurity Operations Center Manager to implement security measures to protect computer systems, networks, and data; assist in creating, testing, and implementing disaster recovery plans; and support other Information Security initiatives, as assigned.
Qualifications
Preferred candidates should have a bachelor's degree in a related field or equivalent experience; 7+ years of experience in information security; a minimum of 5 years of experience in cyber risk management; and 3+ years management experience for information security, risk management and compliance activities. Candidates should also have professional certifications (CISSP, CISA, CISM or CASP); a deep knowledge of SOC 1, SOC 2 compliance requirements; background as a technologist, with a deep understanding of application development and DevOps; understanding of risk assessment methodologies, frameworks, and industry standards: E.g., ISO 27001, NIST, FEDRAMP; and a proven ability to understand and interpret legal, regulatory and contractual compliance requirements.
Successful candidates should have strong leadership skills, attention to details, and the ability to influence business partners with a firm strategic view. Candidates should have proven project management skills, the ability to build relationships, and excellent verbal and written communication skills.