
Cyber GRC Manager


Pacific Life


Newport Beach, United States

United States





Not specified

Permanent | Full Time

Job Description:

Pacific Life is investing in bright, agile and diverse new talent to ensure we continue to innovate and strengthen relationships with our policyholders. That’s why we’re actively seeking a Cybersecurity Governance Risk & Compliance (GRC) Manager to join our team and take part in our people-first culture.

Job Description/Requirements:

This role will be responsible for supporting the Pacific Life Enterprise Information Security Office located in Newport Beach, CA. This position will work with various IT teams and business units to provide information security governance, risk, and compliance (GRC) services to the enterprise. You will work with the EISO Operational and Engineering teams, as well as other stakeholders in IT, risk, compliance, privacy, legal, and internal audit, to prioritize and deliver information security GRC services. You should be familiar with modern security risks and controls and able to dive deeply and iterate rapidly on ideas and solutions despite ambiguity. This position will report directly to the CISO.


This full-time role will be responsible for supporting the Pacific Life Information Security Program, located in Newport Beach, CA. This position will work closely with stakeholders across the enterprise to maintain and grow core aspects of the Information Security Program, including governance, policy and standards, control design, business continuity planning & disaster recovery, third party risk management, and training & awareness services.

Responsibilities include:

  • Program management / reporting / communication - Lead the annual security program roadmap and status reporting on initiatives and KRIs. Create presentation materials and lead discussion for key stakeholder meetings.

  • Policy management - Own the user policies, align with Privacy and Compliance

  • Training & awareness - Manage and grow the annual training / awareness program for technical and non-technical stakeholders.

  • Regulatory analysis - Conduct analysis of new regulations that impact the information security / privacy program.

  • Program assessments - Coordinate external reviews / assessments from regulators, audit firms, and client due diligence requests.

  • Risk management - Own the security risk register and the ongoing management of inherent and residual risks. Prepare heat maps and analytics of known risks.


  • B.S. in an IT-related discipline or similar degree preferable. Professional certifications such as CISSP or CISM are a plus.

  • 7 - 10 years of experience with the following:

  • Strong oral and written communication skills

  • Strong problem solving and troubleshooting skills with experience exercising mature judgement

  • Excellent teamwork and interpersonal skills

  • General information security experience and knowledge of general security concepts, such as defense-in-depth, least privilege, security architecture and design, threat modeling, etc.

  • Experienced in collaborating at all levels of an enterprise

  • Creativity and initiative in work product, positive and helpful attitude proposing solutions to resolve problems

  • Professional and technical certifications, such as CISM or CISSP, desired but not required

  • Ability to reach technical and non-technical audiences across all levels of the organization.

  • Ability to leverage industry frameworks (NIST, ISO, etc.) for Financial Services / Insurance to provide control context and benchmarking.

  • Work experience related to information security and/or IT operational risk management is essential, across cloud and traditional IT patterns. Experience within large Financial Services firms is preferred.

  • Comprehension of the regulatory and legal landscape driving privacy/information security (HIPAA, NY DFS, GDPR, CCPA, etc.)

  • A solid understanding of current technology capabilities, and a keen interest in staying abreast of emerging technology trends and information security domains.

  • Experience in leading change and the principles of change management.

  • Experience in contracting, implementing, and managing security service providers.

  • Experience with implementing and managing GRC software solutions for Information Security use cases.

  • Design and deliver enterprise level GRC security solutions and services as prioritized by the CISO and Cyber Defense team

  • Manage end-to-end portfolio delivery in terms of schedule, cost, scope and quality; anticipate risks and issues that may arise during the delivery of the portfolio process and ensure that appropriate mitigation actions are in place

  • Demonstrate accountability; lead people with passion, enthusiasm, loyalty and integrity

  • Manage HR processes: Employee engagement, performance reviews, talent development

  • Engage in resourcing processes to ensure organizational agility

  • Act as a change agent, seeking opportunities to challenge the status quo to meet business objectives

  • Design, measure and assess key performance metrics to inform data-driven decisions

  • Socialize the value and importance of cybersecurity across IT areas, operating as an extended arm of the Enterprise Information Security Office

  • Align with and support the execution of the Information Security Office vision and strategy

How We Help You Succeed:

We’re fostering a culture of shared values across our company by providing generous compensation and comprehensive benefits that allow our employees to find fulfillment and security in personal life and career alike. These include:

  • Competitive Salary and Benefits

  • Work-Life Balance & Flexible Scheduling

  • Medical, dental, and vision as part of our commitment to investing in the health and wellbeing of our employees

  • Two retirement savings plans: 401k savings plan with company match and Company Retirement Contribution (company-paid)

  • Generous PTO and holiday pay

  • Warm Colleagues & Inspiring Culture

EEO Statement:

Pacific Life Insurance Company is an Equal Opportunity/Affirmative Action Employer, M/F/D/V. If you are a qualified individual with a disability or a disabled veteran, you have the right to request an accommodation if you are unable or limited in your ability to use or access our career center as a result of your disability. To request an accommodation, contact a Human Resources Representative at Pacific Life Insurance Company.
