Company: Wolters Kluwer

Address: Illinois, United States
Category: Information Technology

Job description

Wolters Kluwer Global Business Services (GBS) is designed to provide services to the business units in the areas of technology, sourcing, procurement, legal, finance, and human resources. These global centers promote team collaboration using best practices around a specific focus area to drive results and enhance operational efficiencies. There is a constant endeavor to benchmark against best-in-class industry standards to improve the quality of deliverables, increase cost savings, enhance productivity, and reduce time to market for products and applications.
 

We have an amazing opportunity for an IT Security Associate Director - Compliance Lead in our Global Information Security function within our Global Business Services division! The IT Security Associate Director - Compliance Lead will be accountable for managing (updating, monitoring) the IT Security Services Catalog to best serve the Wolters Kluwer Business Units and their customers. In close relationship with the Global Information Security Management team and Business Units Management teams (mainly Product and Sales), you will identify, organize, package, and monitor IT Security Services that meet the needs of the Wolters Kluwer Global Market.

The IT Security Associate Director - Compliance Lead is accountable for the IT engagement in Customer Due Diligence. You organize the answers to Client Due Diligence globally (prospects and current customers) in the most efficient way, from the points of view of Wolters Kluwer cost and sales efficiency.

Based on frequent structured exchanges with Business Units, and in collaboration with your peers, the IT Security Associate Director - Compliance Lead maintains the IT Security Services Catalog: creates new services and updates existing ones. The IT Security Associate Director - Compliance Lead will ensure an updated Services Catalog, reflecting one cybersecurity framework for the whole of Wolters Kluwer and its diverse ecosystems (FedRAMP, StateRAMP, ISO27xxx, SOC2, HITRUST …).

In the sales cycle, the IT Security Associate Director - Compliance Lead will train and support the sales organizations in presales and participate in customer-facing interfaces as a lead representative of GIS Security Services.

In addition, the IT Security Associate Director - Compliance Lead is accountable for other transformation and process improvement initiatives as assigned by the Director of Strategic Security Services and/or the Wolters Kluwer CISO.

Essential Duties and Specific Responsibilities:

Technical Compliance Responsibilities:

  • Primarily responsible for representing and leading the Global Information Security team in the sales process of the Business Units and in contracts support with the Legal Department by answering questionnaires, developing technical summaries/white papers outlining the various technology transformation efforts to highlight the maturity of WK’s cybersecurity program, presenting the security posture of the BUs, and training the Sales community.
  • Responsible for maintaining the IT Security Services Catalog and “selling” it to BUs. Includes identifying and reporting gaps in services, communication, and delivery.
  • Collaborating with peers across GBS teams to align the IT Services catalog strategy with GBS goals.
  • Prioritizing projects based on risk and impact to the overall business.
  • Ensure the appropriate technical metrics are identified, measured, and reported to demonstrate the effectiveness of the IT Security Services program.

Compliance Oversight and Responsibilities:

  • Educating the Legal Department and the customer-facing community on Wolters Kluwer's cybersecurity posture and maturity.
  • Adapting documentation to various regulatory frameworks such as GDPR, HIPAA, PCI-DSS, etc.
  • Engaging closely with control owners associated with the Customer Facing services to prepare for potential audits and legal or regulatory requirements related to compliance.

Audit and Third-Party Assurance Management Responsibilities:

  • Supports the team in discussions with internal and external auditors to ensure that all technical controls are communicated to the auditors so that audits are executed smoothly.
  • Reviews audit findings and works with the C&A team to address identified gaps and vulnerabilities.
  • Provides CISO with insights into technical gaps from audit outcomes and implications.

Accurate and Timely Reporting Responsibilities:

  • Developing and presenting weekly and monthly reports to the CISO outlining achievements, challenges, and plans.
  • Analyzing trends in observations from external audits, internal assessments, and other issue-identifying sources to inform and influence remediation strategies and common trends, and to update the IT Security Services catalog.
  • Ensuring timely communication of critical gaps identified from audits/assessment to management.

Leadership Responsibilities:

  • Actively participate in the development of the annual Vision and Strategy Planning.
  • Ability to lead in developing the audit/assessment plan as required for different regulatory or standards needs.
  • Assist in mentoring team members to build the technical capabilities within the C&A function’s goals.
  • Lead the teams in identifying technical solutions for audit gaps and drive the tracking and management of the gaps to successful resolution.
  • Provide leadership in evaluating compliance aspects of projects through reporting of appropriate technical KPIs and other compliance metrics.

Job Qualifications:

  • Bachelor’s or master’s degree in Information System Management, Computer Science, Cybersecurity, Risk Management or equivalent.
  • Certifications required (two), preferred certifications: Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified Cloud Security Professional (CCSP), or equivalents.
  • 10+ years of combined experience with consulting, external audit, company in-house and outsourced internal audit, assurance services, contracts; experience with a Big 4 is required.
  • 8+ years of hands-on combined experience with financial and information technology internal controls design, test, audit, risk assessments, investigations, findings, and remediation.
  • 5+ years in-depth knowledge and experience of compliance and audit with SOC1, SOC2, SOX, HIPAA, ISO 27001, PCI DSS, FedRAMP/StateRAMP, etc.
  • 5+ years as a Subject Matter Expert (SME); working with industry frameworks including ISO, NIST 800-53, NIST/CSF, PCI, HITRUST, FISMA, GDPR etc. 
  • Strong leadership skills and experience leading engagements, establishing budgets, developing work programs/plans, building relationships, mentoring staff, providing performance feedback, and monitoring workloads of team(s) while meeting stakeholder and client expectations.
  • Excellent analytical and problem-solving skills with advanced written, verbal and presentation skills; including interactions with peers and senior technical teams and their management.
  • Strong experience in managing highly complex technical audits and assessments and driving them to successful outcomes.
  • Experience working in remote environments. Independent, motivated self-starter with the ability to analyze complex problems, think critically, problem solve, influence change, and provide thought leadership.
  • Excellent communication and interpersonal skills, including the ability to work across a highly matrixed organization, interacting, influencing, negotiating effectively with all levels of leadership and peers.
  • Experienced with vendor and managed security services with ability to identify continuous improvement opportunities to drive risk assessment effectiveness and efficiency.
  • Strong influencing skills and the ability to champion security and educate staff on the latest security risks, software protection, assurance methods and technologies.
  • Strong work ethic, excellent use of discretion and judgment, and the mature ability to establish credibility and rapport with senior executives and technical and non-technical team members.
  • Ability to travel to customer sites as needed.

Travel requirements

  • Occasional Domestic or International Travel, up to 25%

Physical Demands

  • Normal office requirements.

ABOUT WOLTERS KLUWER & ITS SUBSIDIARIES
Founded in 1836, Wolters Kluwer (www.wolterskluwer.com) is a market-leading, Global Information Services company focused on professionals in the legal, business, tax, accounting, finance, audit, risk, compliance, and healthcare markets. It enables legal, tax, finance, and healthcare professionals to be more efficient and effective by providing information, software and services that deliver vital insights, intelligent tools, and the guidance of subject matter experts.
Headquartered in Alphen aan den Rijn, the Netherlands, Wolters Kluwer is organized around four customer facing global divisions: Legal and Regulatory, Tax and Accounting, Financial and Compliance Services, and Health. The company employs nearly 19,000 professionals around the world and supports customers in 150 countries. Wolters Kluwer has operations in 40 plus countries across Europe, North America, Asia Pacific and Latin America.
For more information about our products and organization, visit www.wolterskluwer.com, follow @Wolters_Kluwer on Twitter, or search for Wolters Kluwer videos on YouTube.
EQUAL EMPLOYMENT OPPORTUNITY
Wolters Kluwer U. S. Corporation and all of its subsidiaries, divisions, and customer/business units is an Equal Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected veteran status.
INFORMATION
For any assistance with your application for this job opening, please call the HR Source at (888) 495-4772 or email HRSource@WoltersKluwer.com. TTY is also available at (888) 495-4771.

Benefits

Career development
Refer code: 9309850. Wolters Kluwer - The previous day - 2024-05-25 06:50
