Contact us about our enterprise services: email | phone | chat

  • Senior Information Security Advisor - Governance, Risk & Compliance Job


    Purpose of Job Provides thought leadership while managing multiple initiatives. Collaborates with all levels of USAA management and internal partners to assess Information Security and align to support the organization goals with Enterprise goals. Manages and mitigates Information Security risk by identifying, evaluating, assessing, designing, monitoring, administering, reporting and implementing systems, policies and processes. Provides Information Security risk insight and guides management on Information Security risk issues and serves as advisor to peers, team members and the enterprise. Works under minimal supervision on complex work assignments and recommends appropriate solutions and problem resolution.


Job Requirements

Provides advice, guidance and assistance to executive management focusing on Information Security risk to guide the strategic direction of USAA development projects, departmental initiatives and other special projects. Determines requirements, recommends system security configurations, and risk mitigation effectiveness.
Provides specialist advice and acts as an Information Security liaison between the company and staff agencies through formal and ad-hoc inquiries. Influences Information Security risk management strategies and approaches and educates risk owners on best practices.
Identifies, analyzes and initiates changes in the Information Security policies, guidelines and standards as well as provides governance advice to company and staff agencies in support of developing and managing the Information Security awareness program.
Ensures that internally developed and commercially available business applications include adequate information and security controls.
Performs physical site assessments of business partners and provides peer review of work product and deliverables. Performs release of information analysis to third party business partners and identifies alternative methods for securing and releasing information when applicable.
Designs and executes the Information Security risk and control identification, evaluation, documentation, analysis and reporting processes including analytic tools.
Ensures process owners identify, develop and test Information Security controls for risk mitigation effectiveness.
Anticipates Federal and State regulatory and business partner Information Security risk requirements and responds both verbally and written to inquiries from periodic exams.
Serves as a mentor to peers and team members for assigned area of responsibility. Guides team members in the development and delivery of their work.
Other duties as assigned.


  • Minimum Requirements
  • Bachelor's degree in MIS, Computer Engineering, Cyber Security, IT or related disciplines OR 4 years of additional work experience in IT, Information Security, Cyber Security or equivalent in lieu of a degree.
  • 6+ years Information Security experience within Information Technology
  • 4+ years working in a matrixed corporate environment
  • Strong ability to work within a matrixed corporate environment
  • Strong knowledge of risk, control, budgets, process and loss costing
  • Strong knowledge and experience in relevant industry data sources, standards, data analysis tools and techniques (e.g. Archer, MetricStream, BWise).
  • 6+ years facilitating risk assessment sessions with all levels of management and executive management.
  • *Qualifications may warrant placement in a different job level*
  • When you apply for this position, you will be required to answer some initial questions. This will take approximately 5 minutes. Once you begin the questions you will not be able to finish them at a later time and you will not be able to change your responses.
  • Preferred
  • 8+ years facilitating risk assessment sessions with all levels of management and executive management
  • Strong knowledge of risk monetization and costing
  • An understanding of Information Security frameworks and Financial Industry regulatory statutes (NIST, SANS)
  • Strong knowledge and experience in relevant industry data sources, standards, data analysis tools and techniques (e.g. Archer, MetricStream, BWise)
  • Experience collaborating with and influencing multiple stakeholders to solve a complex problem.
  • MBA or Masters in MIS, Computer Engineering or Cyber Security.
  • Professional designation in CISSP, CISA, CRISC, or CRCMP
  • Relocation assistance is available for this position.
  • The above description reflects the details considered necessary to describe the principal functions of the job and should not be construed as a detailed description of all the work requirements that may be performed in the job.


  • Travel No travel
  • Incentives Both
  • Clearance & Citizenship U.S. Citizenship
  • Remote Work No remote work
  • Education Bachelors Degree
  • Salary Range Not provided

Join NinjaJobs!

Registered users get the benefit of full listing views, searches, posting options and more!

Company Ratings powered by

  • 3.7

    Overall Rating - Satisfied

  • Culture and Values 4.1
  • Work/Life Balance 3.7
  • Senior Management 3.3
  • Comp and Benefits 4.0
  • Career Opportunities 3.4

NinjaJobs by the Numbers - Q2-17