Sr Consultant, IT Risk Mgmt
Posted on Aug 27, 2020 by Nationwide
If you're passionate about innovation and love working in an environment where you can constantly improve and adopt new technologies to drive business results, then Nationwide's Information Technology team could be the place for you!
Seeking an Identity and Access Management Expert
Several years (3-5) of IAM experience required. Specifically evaluating, implementing, building and operating IAM tools around Authentication, Authorization and ID Lifecycle Management.
Capability Lead Practitioner for Identity and Access Management Protection
Collaboration with Infrastructure, Application and Risk Management teams for capability implementations
Strategy and solution delivery for Identity and Access Management
Advisory consulting for Identity and Access Management
Technical lead for all IAM epics and areas of interest
Lead technical resource for new IAM Product Strategy implementations
Advise and consult when teammates need support with technology issues
Contributes to the development of IRM standards, policies and guidelines
Partner with IRM Enterprise Strategy to deliver on strategic goals and objectives.
Development and delivery of IAM metrics
Understand and experience with Cloud based technologies
The role spans the entire enterprise including all business, IT and Infrastructure area.
Business Relationship and Consulting skills a requirement. Person will face-off and support product owners and leaders in the BSA and Architecture community.
Ability to outline and deliver strategic goals as well as make tactical decisions.
Job Description Summary JOB SUMMARY: Serves as the top-level technical expert in a specific aspect of information risk management. Leads the most complex and critical information risk management projects involving multiple disciplines and may impact multiple business units. Contributes strategic vision and integrates a broad range of ideas regarding information risk management. Recognized across the organization for information risk expertise and sought as a resource for resolution of the most complex information risk problems. Leads control mitigation and solutioning oversight and direction for enterprise-wide risk technology. Ensures high-level integration of application development with information risk management policies and strategies. Identifies, evaluates, conducts, schedules and leads technical analyses functions to ensure all applicable risk requirements are met while balancing performance and cost factors calculated into solutions/recommendations. Provides analysis of requirements necessary to ensure the confidentiality, availability and integrity of information where it is processed, stored, or transmitted by the business and IT systems.
REPORTING RELATIONSHIPS: Reports to: Director/AVP/Vice President; typically no direct reports but may lead project or virtual teams.
CORE DUTIES AND RESPONSIBILITIES:
1. Serves as the top-level technical expert in one or more aspects of information risk management for a business segment or function to ensure the protection of information processed, stored or transmitted and availability of business processes.
2. Leads major information risk management projects and initiatives. Serves as an expert in the planning, engineering, development, implementation and administration of information risk systems through the use of controls, procedures, measurements and strategies to prevent unauthorized access, modification, disclosure, misuse, manipulation, or destruction of systems, networks, applications and data.
3. Provides technical consulting efforts towards the development and implementation of information risk strategies in alignment with their respective business unit and IT initiatives. Assists in the development and implementation of information risk policies, procedures, processes and programs to ensure availability, confidentiality, integrity, authentication and nonrepudiation.
4. Serves as the top level technical expert in one or more highly specialized phases of hardware/software testing and evaluation, information risk management education and awareness, incident/event response, infractions investigation and analysis, policy and standards development, risk assessment and mitigation solutioning. Responsibilities include developing solutions for use within an enterprise environment as well as application specific needs. The consultant is responsible for examining and delivering the strategies and architecture that can be leveraged from a functionality and cost value perspective
5. Contributes strategic vision and integrates a broad range of ideas regarding information risk management. Recognized across the organization for information risk expertise and sought as a resource for resolution of the most complex information risk problems.
6. Establishes the overall framework for the protection of Nationwide information assets through architecture, policies, standards, risk assessments, monitoring, certification and technology.
7. Leads in the testing and evaluation of the most complex systems to ensure operation in accordance with information risk requirements. Defines and implements information risk requirements in alignment with the overall business plan.
8. Leads in the mitigation solution oversight and direction for enterprise-wide risk technology. Conducts long-term strategic planning activities for the development and implementation risk architecture and technology guidelines.
9. Undertakes the most complex information risk projects involving multiple disciplines and may impact multiple business units. Responsible for the selection, direction and performance of IRM projects. Responsible for change management, configuration management, performance analysis, physical planning, national vendor management, inventory control, technical standards, procedures, and product evaluations.
10. Acts as a source of direction, training, and guidance for less experienced staff. Monitors project schedules and costs.
11. Performs other duties as assigned.
MINIMUM JOB REQUIREMENTS:
Education: Undergraduate studies in computer science, management information systems, or related field is strongly preferred. Graduate studies in a technical or business discipline is preferred.
Knowledge: Must have expert knowledge in Information risk components, principles, procedures and practices. Must have extensive knowledge in information controls and audit methodology for business systems and data processing environments. Must have a broad knowledge in information technology and risk trends. Must have an in-depth understanding in insurance and financial services business models and operations. Extensive knowledge of project management concepts and techniques required.
Certification/ Designation: (see role guide)
Experience: Ten years of progressive work experience in information risk and/or information systems audit. Five years of experience in project management is preferred.
Skills: Must be able to serve as the top technical expert for the discipline of risk management. Must have the ability lead the most complex risk operations, risk assessment, and/or engineering projects. Must have the ability to develop and implement strategies and make risk recommendations to senior management. Must have the ability to assist in the development and implementation of risk initiatives, policies, and programs. Must possess strong project leadership capabilities. Must be able to interpret the most complex information risk issues and present formal recommendations to senior management. Must have strong project and process management skills. Must have excellent verbal and written communication skills to interact with all levels of staff, management (executives and Board of Directors), and external sources.
Values: Regularly and consistently demonstrates the Nationwide Values and Guiding Behaviors.
Staffing Exceptions: Staffing exceptions to the above minimum job requirements must be approved by the: Vice President and Human Resources.
Overtime Eligibility (FLSA) : Not Eligible (exempt)
Working Conditions: Normal office environment. Non standard and/or extended work hours as required.
ADA: The above statements cover what are generally believed to the principal and essential functions of this job. Specific circumstances may allow or require some associates assigned to the job to perform a somewhat different combination of duties.
Job Evaluation Activity: Created April 2010 JDC/JL