Manager, Infosec Governance

Job Description

Your Platform

Your Mission

As the Manager, Governance you will have a strong background within information security to make a strong impact on the company's security program and services. The candidate will have experience with various Information Security concepts including data governance, risk management, metrics, audit, policy and standards development. This individual will work with the Information Security team, Legal, IT, and other business teams to:
• In this newly created role, you will play a pivotal role in growing ABK's Security Governance footprint! The Manager, Security Governance will excel at guiding internal technical and non-technical partners on how to align with security standards, privacy and data protection laws and internal data protection requirements
• Lead implementation of a Security Governance framework, based on industry standards like NIST Cybersecurity Framework, CIS Standards with support from the Cyber Security, Legal, Privacy, and Technology teams
• Develop, implement and supervise a strategic global, comprehensive information security governance program:
• Establish policies, processes and standards aimed at reducing organizational risk from an Information Security perspective
• Manage the communication of Information Security policies, processes and standards to all stakeholders, and maintain a repository
• Reviewing and proposing changes to data governance policies and strategies
• Maintain the relevance of the governance processes by researching new security governance trends and incorporating changes as appropriate in partnership with all stakeholders
• Support execution and continued development of the ABK's Governance Roadmap
• Build clear and concise requirements both business and technical to enable the automation of governance controls and compliance obligations
• Provide clear/concise updates to management on security governance matters and assist with the creation of relevant metrics to support program success, opportunities for improvement, and understanding of resource commitments
• Perform internal governance audits and controls self-assessments to evaluate internal controls
• Collaborate with IT security, risk management, and compliance teams to improve the internal controls environment and influence to mitigate IT risk
• Be a partner to the Compliance team to validate the effectiveness of implemented controls
• Identify gaps in existing policies, processes and standards when compared to established security controls frameworks.
• In partnership with Risk, examine incoming requests for exceptions to security control requirements and draft recommendations that include requisite mitigation strategies, seek approval, and maintain a registry of the exception and residual risk
• Drive data governance strategy and policies within assigned areas of the enterprise:
• Develop and maintain a collaborative relationship with data stewards and ambassadors in assigned business units
• Develop and maintain strong understanding of the data landscape in the assigned areas of the enterprise
• Identify, understand, and document data usage characteristics to drive alignment of data standards
• Be the owner of data mapping for non-privacy related data (Financial, Marketing, studio assets, etc.)

Player Profile

Minimum Requirements:
• Bachelor's degree in Computer Science, Information Systems, other related field; or equivalent work experience
• Minimum of eight years of information security experience in a corporate or consulting environment at a senior or manager level, or
• Minimum of 5+ years' work experience in Security Governance, or technology risk, or IT Compliance
• Previous experience managing a team directly
• Any one or more of the following preferred
• Certified Information Systems Security Professional (CISSP) from ISC2
• ISACA CGEIT, CRISC or CISA certification
• (any) Global Information Assurance Certification (GIAC) from SANS
• Working knowledge of common information security management frameworks and practices such as
• National Institute of Standards and Technology (NIST)
• CIS Critical Controls
• ISO/IEC 270xx
• Experience in developing IT policies and procedures that include implementation of security controls (records management and cloud knowledge)
• Strong understanding of security requirements, frameworks, templates, assessments, process maps, data flows
• Knowledge of federal and state laws, regulations, and standards related to security and privacy, including but not limited, to, GDPR, CCPA, COPPA, and NIST
• Experience building security governance standards and standard operating procedures around security governance and use of GRC tools, and techniques to automate governance controls
• Experienced in end-to-end security governance lifecycle coordination
• Experienced at influencing diverse partners and driving accountability and decision making across teams
• Ability to communicate and develop awareness of key governance concepts to all levels of the organization
• Versed in project management procedures and concepts
• Knowledgeable in a diverse set of technical skills, such as IT infrastructure, operating systems
• Understanding of logging, monitoring, and reporting key performance indicators (KPI) and development of continuous improvement plans
• Excellent oral/written communication, problem solving and analytical skills
• Ability to work independently and as part of a team to achieve desired objectives and project results
• Ability to interface effectively and decisively with all levels of management, departments and outside vendors
• Understanding of data quality management
• Understanding of information and process integration management
• Policy and standards drafting experience
• Ability to implement change by motivating others, driving consensus, and executing through others
• Experience working in sensitive/classified data environments

We love hearing from anyone who is enthusiastic about changing the games industry. Not sure you meet all qualifications? Let us decide! Research shows that women and members of other under-represented groups tend to not apply to jobs when they think they may not meet every qualification, when, in fact, they often do! We are committed to creating a diverse and inclusive environment and strongly encourage you to apply.

We are committed to working with and providing reasonable assistance to individuals with physical and mental disabilities. If you are a disabled individual requiring an accommodation to apply for an open position, please email your request to accommodationrequests@activisionblizzard.com General employment questions cannot be accepted or processed here. Thank you for your interest.

Subject to eligibility requirements, the Company offers comprehensive benefits including:
• Medical, dental, vision, health savings account or health reimbursement account, healthcare spending accounts, dependent care spending accounts, life and AD&D insurance, disability insurance;
• 401(k) with Company match, tuition reimbursement, charitable donation matching;
• Paid holidays and vacation, paid sick time, floating holidays, compassion and bereavement leaves, parental leave;
• Mental health & wellbeing programs, fitness programs, free and discounted games, and a variety of other voluntary benefit programs like supplemental life & disability, legal service, ID protection, rental insurance, and other

[more...]

Jobcode: Reference SBJ-r031k1-3-143-244-83-42 in your application.