Senior Director, Information Security and Compliance
Company: John Wiley & Sons, Inc.
Location: Hoboken
Posted on: October 23, 2024
Job Description:
Location: Hoboken, NJ
Our mission is to unlock human potential. We welcome you for who
you are, the background you bring, and we embrace individuals who
get excited about learning. Bring your experiences, your
perspectives, and your passion; it's in our differences that we
empower the way the world learns.
The Senior Director of Information Security and Compliance develops
and implements comprehensive strategies, policies, and procedures
to identify and mitigate risks, ensure compliance with industry
regulations, and respond effectively to security incidents.
This role manages a global team accountable for safeguarding the
confidentiality, integrity, and availability of Wiley's
intellectual property and technology products. This includes the
management and oversight of the following functional areas:
Security Architecture/Strategy, Security Operation Center, Security
Engineering, IAM, Application Security, Governance, Risk,
Compliance, and the eCommerce/Fraud teams.
How you will make an impact:
- Function as the IT liaison with senior leaders and
Internal/External auditors and consultants on Information Security
and regulatory compliance engagements.
- Identify, prioritize, and implement security strategy
initiatives, establish security goals, and create a roadmap for
their implementation that is aligned with Wiley's
objectives.
- Determine, develop, maintain, and publish corporate-level
information security policies, standards, procedures, and
guidelines, including incident response and compliance reporting
procedures.
- Manage a cost-efficient and high performing information
security organization, consisting of direct reports and dotted line
reports. This includes hiring (and conducting background checks),
training, staff development, performance management, and annual
performance reviews.
- Manage the design, implementation, and maintenance of WILEY's
Information Technology Compliance Programs (SOX, PCI, eCommerce,
and Fraud Analytics).
- Identify, assess, and report on risks, practice, and projects
to stakeholders across the organization.
- Lead regular risk assessments to identify and evaluate
potential security threats and vulnerabilities.
- Identify vulnerabilities and security weaknesses across the
enterprise and drive the resolution and mitigation of found
errors/incidents enterprise-wide.
- Work cross-functionally with other departments to implement
architectures for systems, networks, and applications. Assist peer
managers in understanding security and control deficiencies and
responding to internal and external audit reports.
- Develop and maintain appropriate security access control for
WILEY's information systems, including cloud and on-premise
solutions such as WILEY's global environment, i.e., SAP, Workday,
and other modules as implemented.
- Create and manage a targeted information security awareness
training program for all employees, contractors, and approved
system users, and establish metrics to measure the effectiveness of
this security training program for the different
audiences.
- Develop our Security Incident Response Plan and lead security
incident remediation with related cross-functional teams. Supervise
all investigations relating to security threats, legal discovery,
and violation of WILEY security policies and provide ongoing
communication with senior management.
- Work with product teams to incorporate security and privacy by
design into our products/services.
- Engage in tabletop scenarios, penetration studies, threat
analysis, vulnerability assessments, and security audit activities
to ensure IT controls and security are effective.
- Build and report information security metrics that enable
executive leadership to effectively assess performance of security
program, controls, risk management, risk mitigation and justify
technology investments.
- Establish and maintain third-party vendor risk assessment
program, including attestations such as SOC Reports, SIG/SIG Lites,
HECVAT, and similar questionnaires and assessment documentation.
Conduct security reviews of potential third-party
providers/acquisition targets.
- Accountable for monitoring emerging threats and security
practices and recommending changes to security/compliance programs
as needed. Maintains strong relationships with industry peers,
partners, vendors, external agencies, and regulatory
bodies.
- Provides exceptional customer service experience to internal
business partners.
What we look for:
- Expert knowledge of Cyber/Information Security and compliance,
specifically in the areas of security architectures and associated
technologies, security operation centers, security engineering,
identity governance and administration/identity and access
management (IGA/IAM), privilege access management (PAM),
application security, governance, risk, compliance (GRC), and
eCommerce fraud prevention.
- Working knowledge of cybersecurity technologies covering a
global digital ecosystem.
- Direct global leadership experience (ideally in a matrix
environment), as well as managing external resources.
- Bachelor degree strongly preferred in Information Security or
equivalent. Master degree desirable.
- Experience implementing information security strategies,
policies, and procedures, ideally in a larger
organization/enterprise-wide.
- Identifies and measures global information security (GIS)
controls on critical business processes or channels.
- Previous senior leadership exposure/comfortable engaging with
senior-level stakeholders.
- Strategic prowess and ability to see the big picture
organizationally; ability to adapt accordingly.
- Strong relationship development skills.
- Self-motivated, ability to work collaboratively across the
organization and various domains.
- Solid analytical skills with the ability to solve problems and
develop creative solutions.
- Strong organization, problem-solving, and presentation
skills.
- Excellent communication and interpersonal skills.
- Strong leadership, team management, and negotiation skills.
About Wiley:
Enabling Discovery, Powering Education, Shaping Workforces. We
clear the way for seekers of knowledge: illuminating the path
forward for research and education, tearing down barriers to
society's advancement, and giving seekers the help they need to
turn their steps into strides.
Wiley may have been founded over two centuries ago, but our secret
to success remains the same: our people. We are willing to
challenge the status quo, move the needle, and be innovative.
Wiley's headquarters are in Hoboken, New Jersey, with operations
across the globe in more than 40 countries.
Wiley is an equal opportunity/affirmative action employer. We
evaluate all qualified applicants and treat all qualified
applicants and employees without regard to race, color, religion,
sex, sexual orientation, gender identity or expression, national
origin, disability, protected veteran status, genetic information,
or based on any individual's status in any group or class protected
by applicable federal, state or local laws. Wiley is also committed
to providing reasonable accommodation to applicants and employees
with disabilities. Applicants who require accommodation to
participate in the job application process may contact
tasupport@wiley.com for assistance.
We are proud that our workplace promotes continual learning and
internal mobility. Our values support courageous teammates, needle
movers, and learning champions all while striving to support the
health and well-being of all employees, for example, we offer
meeting-free Friday afternoons allowing more time for heads down
work and professional development.
We are committed to fair, transparent pay, and we strive to provide
competitive compensation in addition to a comprehensive benefits
package. This range represents Wiley's good faith and reasonable
estimate of the base pay for this role at the time of posting. It
is anticipated that most qualified candidates will fall within the
range; however, the ultimate salary offered for this role may be
higher or lower and will be set based on a variety of
non-discriminatory factors, including but not limited to,
geographic location, skills, and competencies.
#LI-JG1
#J-18808-Ljbffr
Keywords: John Wiley & Sons, Inc., Greenwich , Senior Director, Information Security and Compliance, Executive , Hoboken, Connecticut
Didn't find what you're looking for? Search again!
Loading more jobs...