Information Security Program Manager

ESSENTIAL JOB FUNCTIONS

Program Management

• In collaboration with the AMER CISO, manage a portfolio of programs designed to transform the cybersecurity processes and tools in line with our strategy

• Launch projects based on DCS strategy, including documenting requirements, obtaining sponsorship, developing staff and project plans, and guiding project to delivering milestones

• Programs include the security GRC scope, assisting in developing an automated platform integrating core GRC functions (regulation, policy, control, risks, etc.) and providing actionable reporting

• Put in place project governance to provide on-going reporting, escalation of issues as needed, and periodic meetings with sponsors and stakeholders

Strategy

• Work with the AMER CISO to define and document a multi-year strategy based on current cybersecurity assessments, regulatory gaps and trends, risk appetite, and evolving industry threats

• Socialize the strategy to inform senior management of cybersecurity risks in the region and obtain support for key initiatives to reduce risks

• Work with other DCS teams to gather information on threats, vulnerabilities, and risks to drive the strategy

Communication Management

• Build and execute on the communication plan and framework to enhance awareness and knowledge at all levels of the security organization

• Oversee all communication vehicles and content to internal stakeholders, plan owners and executives, as well as other business partners

• Collaborate with a wide variety of stakeholders, such as IT groups, corporate relations, human resources, and business operations

• Develop long-term strategies and key initiatives, including promoting and achieving a culture of service excellence and employee engagement

• Work with leadership and management to develop strategies and demonstrable links between staff engagement and internal organization goals

• Oversee communications for and assist in the overall production of employee experience events (including security educational and training sessions, staff meetings, leadership events, and employee resource groups)

• Manage all internal communications and related program materials using internal branding, such as newsletters, e-blasts and other internal channels for the purpose of communicating engagement information to employees

• Create an annual communication plan and provide content for various communication channels

Management Reporting

• Lead the development and delivery of various reports – strategic reporting to senior management to socialize the DCS cybersecurity strategy and report on progress

• Develop impactful and actionable security metrics in collaboration with the functional leads to provide a clear and sustainable view of the security posture in AMER to multiple stakeholders (e.g., regulators, auditors, boards and executive committees, operational team, technical teams)

• Revise existing periodic reporting leveraging metrics and other information available in the security GRC platform to create automated, templatized reporting for on-going commitments such as operational risk management