Verisign enables the security, stability, and resiliency of key internet infrastructure and services, including providing root zone maintainer services, operating two of the 13 global internet root servers, and providing registration services and authoritative resolution for the .com and .net top-level domains, which support the majority of global e-commerce. The mission of the Governance, Risk, and Compliance (GRC) team is to provide assurance and consulting services designed to improve the security posture of Verisign and its business partners by:
- Helping employees and business partners understand and comply with applicable policies, standards, and regulatory requirements.
- Identifying, developing, and implementing solutions to avoid deviations from policies and standards; and
- Promoting secure practices that protect Verisign.
Senior Governance, Risk, and Compliance Analyst supports the enterprise-wide information security governance, risk, and compliance program and will provide leadership for a variety of high-visibility initiatives, with specific emphasis on Information Governance and Data Protection & Privacy. Primary Responsibilities:
- Lead the organization's Information Governance Program in developing, implementing, and enforcing enterprise-wide information-security requirements around the governance of data and information. This includes: documenting, providing recommendations for, analyzing, and assessing technical and management security controls for the identification, classification, inventory, security, retention, disposal, and monitoring of organizational data and information.
- Define and execute repeatable processes to facilitate (and lead) data collection efforts regarding organization processes and functions, and accurately capture data types, data flows/mappings, data owners, and associated controls.
- Support data collection and documentation requirements associated with applicable privacy regulations, with specific focus on GDPR.
- Interface directly with a variety of business units and stakeholders to communicate requirements and provide expert-level guidance with regard to collection of data and information in support of the Information Governance Program.
- Lead the on-going maturation and development of the organization's Information Governance and Data Protection & Privacy Programs by providing expert-level recommendations and guidance to stakeholders.
- Report to senior management about the effectiveness of the Information Governance and Data Protection & Privacy Programs, and make recommendations for the adoption of new procedures, controls, and/or technologies.
- Serve as a subject matter expert to internal security, privacy, and compliance stakeholders on specific topics/issues to enhance the establishment of the overall Information Governance Program.
- Act as an advocate for internal customers and business units to enable success while managing security risks.
- Develop and maintain relevant policies/standards/procedures.
Required Skills
- Provide expert-level support for team responsible for short-turnaround tasks related to managing an enterprise-wide security governance, risk, and compliance programs.
- Ability to quickly complete assigned tasks from senior management with little or no supervision.
- Manage multiple projects simultaneously across many areas, as they relate to Information Governance.
- Thorough understanding and knowledge of CIS Critical Security Controls, NIST Cybersecurity Framework, NIST Privacy Framework, and GDPR.
- Excellent written and oral communication skills.
- Strong attention to detail and ability to create high quality work products suitable for executive-level review.
- Must be able to summarize and communicate technical data to a non-technical audience at all levels (individual contributors, management and executives).
- Must be highly-motivated, with a strong work ethic, and able to work effectively under minimal supervision.
- Information Governance Professional (IGP) certification is highly valued. Other professional security management certifications, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), or Certified Information Privacy Manager (CIPM) are preferred.
- Bachelor's degree in computer science, or related field required.
- 10+ years progressively responsible experience in information security governance, risk, compliance.
- 4+ years of experience leading teams in a matrixed environment.
Verisign is an equal opportunity employer. That means we recruit, hire, compensate, train, promote, transfer, and administer all terms and conditions of employment without regard to their race, color, religion, national origin, sex, sexual orientation, gender identity, age, protected veteran status, disability, or other protected categories under applicable law. Additionally, Verisign is committed to helping our diverse workforce manage a healthy work-life balance through all stages of their life and career. We offer a dynamic and flexible work environment with highly competitive benefits and robust learning programs. For more information, click on the links below. Helpful Resources: Our Careers Page Our Benefits Summary Verisign in the Community Our EEO Statement Our Privacy Notice for European Job Applicants/Candidates Reasonable Accommodations Staffing agency policy: No fees will be paid for unsolicited resumes submitted to Verisign or our employees by third parties.
|