Senior IT Security Advisor - Security Program and Policy Management


PURPOSE OF POSITION:

The Senior IT Security Advisor - Security Program and Policy Management oversees the planning, execution, and management of the Global Information Security Program (GISP) as well as World Vision’s information security policies, procedures, standards, and technical security requirements (TSRs). This individual is responsible for the development and management of the security program and associated policies across various IT functional areas across the enterprise (e.g., data, systems, network and/or Web) that support World Vision’s enterprise security services and security solutions to ensure that WV’s infrastructure and information assets are protected.


KEY RESPONSIBILITIES:

    STRATEGY:
  • Provides strategic and tactical direction and consultation on security and IT compliance.
    POLICIES, PROCEDURES, & STANDARDS:
  • Acts as primary support contact for the development of secure applications and processes.
  • Maintains an up-to-date understanding of industry best practices.
  • Develops, enhances and implements enterprise-wide security policies, procedures and standards across multiple platform and application environments.
  • Monitors the legal and regulatory environment for developments.
  • Recommends and manages implementation of required changes to IT policies and procedures.
  • Monitors compliance with security policies, standards, guidelines and procedures.
  • Ensures security compliance with legal and regulatory standards.
    BUSINESS REQUIREMENTS:
  • Engages directly with the business to gather a full understanding of project scope and business requirements.
  • Assesses business needs against security concerns and articulates issues and potential risks to management.
  • Consults with other business and technical staff on potential business impacts of proposed changes to the security environment.
  • Provides security-related guidance on business process.
    OPERATIONS SOLUTIONS:
  • Defines security configuration and operations standards for security systems and applications, including policy assessment and compliance tools, network security appliances, and host-based security systems.
  • Defines and validates baseline security configurations for operating systems, applications, networking and telecommunications equipment.
    BUSINESS CONTINUITY/DISASTER RECOVERY:
  • Develops impact analysis.
  • Assists business partners with the determination of critical business processes and systems.
  • Identifies and coordinates resolution of recovery issues. 
    SECURITY PERFORMANCE MANAGEMENT:
  • Develops measures to evaluate the security programs and modifies strategies as appropriate.
  • Analyzes reports and makes recommendations for improvements.
    COMMUNICATIONS/CONSULTING:
  • Serves in an advisory role in application development projects to assess security requirements and controls and ensures that security controls are implemented as planned.
  • Collaborates on critical IT projects to ensure that security issues are addressed throughout the project life cycle.
  • Provides input for the development of the security architecture.
  • Informs stakeholders about compliance and security-related issues and activities affecting the assigned area or project.
  • Interfaces with business and IT leaders communicating security issues and responding to requests for assistance and information.
  • Reports to management concerning residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance.
    VENDOR MANAGEMENT:
  • Works with third party vendors during problem resolutions.
  • Interfaces with third party vendors to evaluate new security products or as part of a security assessment process.
  • Coordinates with vendors to ensure managed services are implemented and maintained appropriately.
    TRAINING:
  • Develops security awareness and compliance training programs.
  • Provides communication and training as needed.
  • Provides security briefings to advise on critical issues that may affect the client.
  • Conducts knowledge transfer training sessions to security operations team upon technology implementation.

KNOWLEDGE, SKILLS & ABILITIES:
      REQUIRED:
    • Requires Security Certification (i.e., Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Global Information Assurance Certification (GIAC)).
    • Bachelor’s Degree in Computer Science, Information Systems or other related field, or equivalent work experience.
    • Requires in-depth knowledge of security program and policy development.
    • A high proficiency level in specific job related skills is required.
    • Typically requires 7 - 10 years of combined IT and security work experience with a broad range of exposure to security programs, security policies, procedures and standards.
    • Over 5 years’ experience designing and deploying security programs and policies at the enterprise level.

https://jobs.wvi.org/webjobs.nsf/WebPublished/E3260CE2EBA978DB88257AC9005773B9?OpenDocument