Listing Description
Job Requirements
Provides advice, guidance and assistance to executive management focusing on Information Security risk to guide the strategic direction of USAA development projects, departmental initiatives and other special projects. Determines requirements, recommends system security configurations, and risk mitigation effectiveness.
Provides specialist advice and acts as an Information Security liaison between the company and staff agencies through formal and ad-hoc inquiries. Influences Information Security risk management strategies and approaches and educates risk owners on best practices.
Identifies, analyzes and initiates changes in the Information Security policies, guidelines and standards as well as provides governance advice to company and staff agencies in support of developing and managing the Information Security awareness program.
Ensures that internally developed and commercially available business applications include adequate information and security controls.
Performs physical site assessments of business partners and provides peer review of work product and deliverables. Performs release of information analysis to third party business partners and identifies alternative methods for securing and releasing information when applicable.
Designs and executes the Information Security risk and control identification, evaluation, documentation, analysis and reporting processes including analytic tools.
Ensures process owners identify, develop and test Information Security controls for risk mitigation effectiveness.
Anticipates Federal and State regulatory and business partner Information Security risk requirements and responds both verbally and written to inquiries from periodic exams.
Serves as a mentor to peers and team members for assigned area of responsibility. Guides team members in the development and delivery of their work.
Other duties as assigned.Minimum Requirements
Bachelor's degree in MIS, Computer Engineering, Cyber Security, IT or related disciplines OR 4 years of additional work experience in IT, Information Security, Cyber Security or equivalent in lieu of a degree.
6+ years Information Security experience within Information Technology
4+ years working in a matrixed corporate environment
Strong ability to work within a matrixed corporate environment
Strong knowledge of risk, control, budgets, process and loss costing
Strong knowledge and experience in relevant industry data sources, standards, data analysis tools and techniques (e.g. Archer, MetricStream, BWise).
6+ years facilitating risk assessment sessions with all levels of management and executive management.
*Qualifications may warrant placement in a different job level*
When you apply for this position, you will be required to answer some initial questions. This will take approximately 5 minutes. Once you begin the questions you will not be able to finish them at a later time and you will not be able to change your responses.
Preferred
8+ years facilitating risk assessment sessions with all levels of management and executive management
Strong knowledge of risk monetization and costing
An understanding of Information Security frameworks and Financial Industry regulatory statutes (NIST, SANS)
Strong knowledge and experience in relevant industry data sources, standards, data analysis tools and techniques (e.g. Archer, MetricStream, BWise)
Experience collaborating with and influencing multiple stakeholders to solve a complex problem.
MBA or Masters in MIS, Computer Engineering or Cyber Security.
Professional designation in CISSP, CISA, CRISC, or CRCMP
Relocation assistance is available for this position.
The above description reflects the details considered necessary to describe the principal functions of the job and should not be construed as a detailed description of all the work requirements that may be performed in the job.
Listing Details
- Citizenship: Us Citizen
- Incentives: Both
- Education: Bachelors Degree
- Travel: No Travel
- Telework: No Telecommute