Position Details: Program Governance Analyst(780486TH)
7804863-IT SECURITY -
PROF SR (U)
As a Program Governance Analyst,
your role on the Governance team will include leveraging your knowledge of
security policies, standards, controls, and industry best practices to consult
with partners across all of Client Inc. You will be involved playing a critical
role in ensuring that GRC functions are incorporated into key security services
and program while validating risk mitigation functions within CLIENT Inc. are
functioning correctly. Your responsibilities will also include:
- Document and assist others in documenting security
domain specific policies, standards, controls, control activities, and
standard operating procedures.
- Research, develop, and implement security
policies, standards, controls, and industry best practices across multiple
security domains (e.g. Identity and Access Management (IAM), Data Loss Prevention
(DLP), Vulnerability Management (VM), etc).
- Experience operating and maintaining IAM, DLP, and/or
VM infrastructure, leading or participating in their day-to-day operations
and maintenance, as well as monitoring, reporting, and auditing technical,
security, and business activities.
- Experience designing and building IAM, DLP, and/or VM solutions
that integrate applications and other services, align processes with
business processes, and required governance and policy needs for internal,
external and federated use cases.
- Liaise with GRC and other CIS and Technology
stakeholders to ensure alignment between all groups.
- Must take ambiguous high level language and translate
it into real world operations.
- Diplomatically influence teams to implement a Governance
Framework showing the value it will be bring and tactfully help adjust
existing operations to align with the framework.
- Ability to socialize and influence others to buy into a
process oriented approach to their work.
- Ability to gain a deep level of technical and process
knowledge across multiple security domains in a short amount of time.
- Ability to think both strategically and tactically to
enable a better future state while continuing to execute against current
Stay current on information
security technologies, trends, standards and best practices.
Ability to obtain a deep
level of technical and process knowledge across multiple security domains in a
short amount of time.
To make it clear, we're not
looking for just anyone. We're looking for someone special, someone who had
these experiences and clearly demonstrated these skills:
- Bachelor’s Degree in relevant field and minimum of 7
years relevant IT experience
- CISA, CRISC, CISSP, or CISM certifications beneficial
Knowledge of control frameworks such as COBIT, COSO, NIST and/or
- Experience operating and maintaining DLP and DRM infrastructure,
leading or participating in their day-to-day operations and maintenance,
as well as monitoring, reporting, and auditing technical, security, and
- Experience designing and building a data protection
program that meets the needs of multiple stakeholders and ensures the
appropriate governance and policy needs.
- At least one year of documenting and implementing
security policies, standards, and/or controls
- Strong working and technical knowledge of data
protection technologies, including Digital Rights Management (DRM) and
Data Loss Prevention (DLP)
- Strong ability to translate strategic vision and
objectives into real world operations
- Proven ability to think logically and strategically
about technical solutions that are efficient, scalable, and re-usable.
- Excellent analytical and problem solving skills and
strong attention to detail.
- Proven ability to identify and develop clear and
understandable performance measures from high-level business objectives.
- Strong business acumen to quickly learn new business
processes and understand how application performance requirements support
the business in achieving revenue and profit goals.
- Excellent collaboration skills – must be eager to work
as part of a cohesive team and work as a partner to other teams within Client,
Inc. both at WHQ and globally.
- IT Audit, internal Audit and/or risk advisory
experience is a plus.
- Experience working as a BSA/Lead on multiple projects
and business functions is a plus.
- Comfortable working with ambiguity is a must.
- Exceptional communication skills, including the ability
to gather relevant data and information, actively listen, dialogue freely,
verbalize ideas effectively, negotiate tense situations successfully, and
manage and resolve conflict.
- Proven presentation and facilitation skills.
- Demonstrated expertise of building a consensus across
business partners and technology leaders, and influencing successful
- Must excel working in team-oriented roles that rely on
ability to collaborate with others.
- Experience working successfully in a highly matrixed
- Passion for the Client brand and for an
innovative, Just Do It work environment.