Information Security Policy & Controls Assurance

Information Technology in Cincinnati, OH
Reference: 19-03373


As a Controls Assurance Manager, you would be accountable for Information Security Policy, as well as for Controls and Assurance, working closely with the Information Security leadership team, Corporate IT Policy, and with Global Internal Audit and external audit partners.

You will own the policy, standard, control and procedure development, deployment, training, improvement, and maintenance across the policy management lifecycle. In addition, you will consult/advise on compliance with applicable laws and regulations and other governance requirements.

Technical Competencies and Experience:

  • You understand the Global Information Security Environment, including the national and international laws, regulations, policies, ethics, security compliance and auditing frameworks as they relate to cyber security, including frameworks such as ISO 27001:2013, COBIT, COSO and NIST
  • Experience responding to audit, legal and government requests in a geographically and culturally diverse organization
  • You will gain experience handling the development, implementation (deployment, training), and maintenance, along with supporting projects throughout the enterprise by identifying implications and potential solutions
  • You would maintain expertise in the subject matter and monitor the external and internal compliance environment
  • You would have the ability to validate procedural and technical compliance with security policies, standards and controls
  • Familiar with IT risks in the Compliance area e.g.: IT Governance, IT Continuity Planning, System Validation, E-Discovery, Info./Cyber Security. Validated experience in policy/standard/control application and Gap Analysis to enable driving the Compliance program
  • You will successfully disseminate new procedures, or changes to existing expectations and documentation, using multiple channels
  • We will also provide experience in promoting awareness of policies, standards, controls and procedures
  • Involvement in development of enterprise security awareness content and delivering security awareness training across the organization
  • You will be developing business plans that take into account longer term activities, issues or opportunities
  • Focuses on performance and driving results
  • Execution Excellence: Excellent delivery on all commitments (e.g., Project Management, establishing Priorities, Deadlines, Issue Management)
  • Building and maintaining strong customer relationships, acting as the key advisor and liaison between IT and the Business, to deliver on strategic objectives
  • CISM, CISA, or CISSP certification

Preferred Qualifications:

  • Bachelor’s degree in Information Systems, Information Technology (IT), Computer Science, Engineering, or other technical/IT field and/or at least 5 years of cybersecurity operations or engineering experience
  • All Information Security roles require CISSP certification
  • Able to handle multiple projects at the same time and still own your time effectively
  • Good interpersonal skills, with an emphasis on the details while staying analytical in nature