Information Security Risk Manager
At Pearson, we’re committed to a world that’s always learning and to our talented team who makes it all possible. From bringing lectures vividly to life to turning textbooks into laptop lessons, we are always re-examining the way people learn best, whether it’s one child in our own backyard or an education community across the globe. We are bold thinkers and standout innovators who motivate each other to explore new frontiers in an environment that supports and inspires us to always be better. By pushing the boundaries of technology — and each other to surpass these boundaries — we create seeds of learning that become the catalyst for the world’s innovations, personal and global, large and small.
The Global Information Security Risk Manager is responsible for helping to quantify, mitigate, and manage information security risk at Pearson. Specifically, this person will manage risk assessments and the Risk Exception Process, maintain the Risk Register and KRIs, and create and lead working groups and Steering Committees to fulfill obligations and manage cooperation across global Pearson.
This person works within the CISO team to ensure that reliable and real-time security and risk management data are available to the CISO Leadership and Executive Management teams that depend upon them to manage risk for Pearson Lines of Business. The Risk Manager is also responsible for ensuring that various audit and assessment functions are supported through the use of dedicated eGRC tools. The Risk Manager assists Pearson Lines of Business by ensuring that Vendor Management audits are completed on time and according to the designated vendor tier.
They will act as the lead in the exception management process, ensuring the CISO Leadership has the most accurate data to determine risk level for Exception Requests and Remediation Planning activities.
This role requires both technical and business management skills. It requires strong people leadership skills and the ability to drive action. The Risk Manager acts as a liaison between the technical team members of Vulnerability Management, Risk Management, and Application Security Assessment to ensure that information gathered by the technical security teams is appropriately captured in the eGRC tools.
This role will report to the VP of Governance, Risk and Compliance, and may be called upon to act as an authorized delegate for security decisions within CISO.
Within this team, the Global Information Security Risk Manager is responsible for reporting on, and providing guidance for, risk reduction and mitigation on complex projects and critical applications. A key success criterion for this role is ensuring that security is driven into all of Pearson’s internal services and customer-facing products in both the private and public cloud.
As a direct report to the VP Information Security Governance, Risk and Compliance, you will have the following accountabilities:
Drive tangible results for the security team that provide real value to Pearson;
Provide security guidance that is practical and based in the reality of Pearson’s environment rather than an aspirational gold standard;
Work closely with enterprise architects, engineering, and security specialists to ensure that adequate security solutions and controls are in place throughout all IT and cloud systems and platforms, aligned to Pearson Policy and Standards, regulatory compliance and industry requirements, so that identified risks are sufficiently mitigated and business objectives and regulatory requirements are met;
Work collaboratively with a diverse, global, and multicultural community.
Maintain confidentiality of work related information and materials.
Establish and maintain effective working relationships.
Present information to large and small groups.
Contribute to the development and maintenance of the information security strategy, policies and standards;
Embrace a culture of continuous service improvement and service excellence; and
Stay up to date on security industry trends.
o ISO 27001/27002
o NIST 800-53
o HIPAA/HITECH/ISO 27799:2016
o SOC 2/SSAE 16
o GDPR (familiarity)
o RSA Archer
Competences and Behaviors
Pearson is an Equal Opportunity and Affirmative Action Employer and a member of E-Verify. All qualified applicants, including minorities, women, protected veterans, and individuals with disabilities are encouraged to apply.
Primary Location: US-CO-Centennial
Work Locations: US-CO-Centennial, 2154 East Commons Avenue, Centennial 80122
Organization: Technology & Operations
Employee Status: Regular Employee
Job Type: Standard
Shift: Day Job
Job Posting: Dec 29, 2017
Job Unposting: Ongoing
Schedule: Full-time Regular
Req ID: 1719811