TheCollegeBoard Director, Risk Management & Compliance - REQ001914_1-3175 in Chicago, Illinois

This job was posted by https://illinoisjoblink.illinois.gov. For more information, please see: https://illinoisjoblink.illinois.gov/jobs/12455772

Director, Risk Management & Compliance

College Board - Risk Management Division

Location: This is a fully remote, full-time position.

About the Team

The Information Security Governance Risk and Compliance (ISGRC) team at the College Board collaborates closely with other teams across the organization to assess and certify the security of College Board's information systems and processes. This dedicated team facilitates information security governance and compliance by supporting customer-facing initiatives such as third-party issued audits & certifications (ISO 27001, PCI-DSS and SOC2), providing security questionnaires to existing and potential customers, assessing College Board's vendors, reviewing and negotiating contractual commitments to information security, providing disaster response and recovery oversight, testing system strength using industry-recognized frameworks, implementing information security policies, promoting security awareness and training, and testing the acumen of College Board employees through robust and innovative phishing campaigns.

About the Opportunity

  • Lead the Security Questionnaires response, which helps address inquiries from external parties such as existing and potential customers and cyber insurers.

  • Lead and enhance ISGRC's risk assessment, controls metrics and continuous controls monitoring capabilities.

  • Lead GRC system implementation UAT schedules, conduct regular quality assurance check-ins, ensure UAT issues are resolved promptly, facilitate UAT and document results and resolutions.

  • Act as single point of contact with the GRC vendor team and lead the management of vendor deliverables, timeline, and contract renewal activities.

  • Lead GRC system post-implementation support and training with the team and all internal stakeholders to ensure there is a clear process and understanding of the process for post go-live issues and support.

  • Support College Board sales initiatives by acting as single point of contact for responding to existing and potential customer inquiries related to security and compliance aspects of our products and services.

  • Uplift and enhance current customer experience by collaborating with internal cross-functional stakeholders in Program, Legal, Privacy, Technology & Security teams to expedite customer inquiry SLAs.

  • Partner with Legal and Security to lead a program to build an inventory of all security commitments made in customer contracts and perform a gap analysis with the existing control inventory. Lead and facilitate gap remediations across cross-functional teams.

  • Participate in the new Data Security Working Group & perform all tasks assigned to ISGRC.

  • Assist in assessing, designing, and implementing centralized common control inventory and new risk taxonomy, as necessary.

  • Perform Technical Project Manager responsibilities for a new GRC system implementation by managing internal stakeholder engagement and collaboration. Develop a detailed project plan outlining tasks, responsibilities, owners, timelines, and milestones.

  • Prepare and provide regular project status reports to team and division leadership.

  • Design & build ISGRC data schema, data export, and data import tasks for all functions in collaboration with the team.

  • Document ISGRC functional requirements for strategic initiatives and ensure they are reviewed and approved by the respective ISGRC function leaders.

  • Other duties as assigned.

In this role, you will:

Lead Technical Project Management (50%)

  • Develop detailed project plans, including timelines, milestones, and resource allocation.

  • Lead stakeholder management by collaborating with cross-functional teams throughout the organization.

  • Identify potential project risks and develop mitigation strategies.

  • Maintain project documentation including progress reports and status updates to management.

  • Apply project and change management principles to drive continuous improvement.

  • Participate in the new Data Security Working Group & perform all tasks assigned to ISGRC.

Lead customer-facing team in responding to customer information security compliance requests (40%)

  • Oversee the intake, prioritization, and timely resolution of customer requests and inquiries which come to the team from internal business teams.

  • Facilitate communications between cross-functional teams to ensure business needs are met effectively.
