Information Assurance Manager

Employer Active

1 Vacancy
The job posting is outdated and position may be filled
Job Location

Nashville - USA

Monthly Salary

Not Disclosed

Job Description

The Manager of Information Assurance is responsible for identifying and documenting Information Technology (IT) risks, analyzing vendor and supplier risk, sharing the Pillsbury security-related activities with customers, and ensuring Pillsbury's continued compliance with relevant standards (GDPR, SOC2, SOX, etc.). This role's primary objective is to oversee the enterprise information assurance program.

The Manager plays an important role in the Information Security team's global mission. The manager is a hands-on, high-energy and collaborative leader who can balance the intent of security policies with productivity and value generation. The successful candidate will have deep cybersecurity, technology, audit and risk management expertise and will work closely with the Director of Security and Continuity. They will be asked to innovate on the existing audit processes and create a modern audit program that reduces the difficulty of complying with multiple audit standards.

This position will also be a key leader in, and help continue to mature, the existing Third-Party Risk Management (TPRM) program. The manager will lead client information security inquiries and audits, and will direct matrix team members as required.

The ideal candidate will create and manage Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) with the Director of Security and Continuity and the firm Enterprise Risk Management function. This role will be expected to conduct high-level presentations to senior executives while also being able to communicate on a technical level. The ideal candidate is a highly motivated but compassionate leader who has a strong desire to advance their career and build a high-energy, modern Governance, Risk and Compliance (GRC) program. This role will report to our Director of Security and Continuity.

Responsibilities

Responsibilities include leading a cross-functional team of information security professionals with widespread responsibility; coordinating data-driven risk assessments and risk-based analysis of controls; conducting industry benchmarking, regulatory requirement gathering and peer-based analysis of available controls, risk assessment methodologies and risk mitigation practices to assess for coverage gaps.

The Manager will also assist in the development of information security and information technology metrics (e.g. KRIs and KPIs) to continuously monitor and oversee program-level risks; provide periodic updates, reports and recommendations to management regarding best-practice information security and information technology controls, risk assessment and remediation strategies; and advocate for the cyber security program and evoke cooperation across business units.

In addition, the manager will be required to build and maintain relationships with various stakeholders; streamline and create audit efficiencies to manage client audits and other regulatory audit activities; partner with the Cybersecurity Operations Center Manager to implement security measures to protect computer systems, networks and data; assist in creating, testing and implementing disaster recovery plans; and support other Information Security initiatives as assigned.

Qualifications

Preferred candidates should have a bachelor's degree in a related field or equivalent experience; 7 years of experience in information security; a minimum of 5 years of experience in cyber risk management; and 3 years management experience for information security risk management and compliance activities. Candidates should also have professional certifications (CISSP, CISA, CISM or CASP); a deep knowledge of SOC 1, SOC 2 compliance requirements; background as a technologist with a deep understanding of application development and DevOps; understanding of risk assessment methodologies, frameworks and industry standards, e.g. ISO 27001, NIST, FEDRAMP; and a proven ability to understand and interpret legal, regulatory and contractual compliance requirements.

Successful candidates should have strong leadership skills, attention to detail, and the ability to influence business partners with a firm strategic view. Candidates should have proven project management skills, the ability to build relationships, and excellent verbal and written communication skills.

Required Experience:

Manager

Employment Type

Full Time
