This position is responsible for establishing and maintaining the strategic direction, scope and priority for a corporate-wide information security management program to ensure that information assets are adequately protected. It is also responsible for identifying, evaluating and reporting on information security risks in a manner that meets compliance, business, and regulatory requirements, while minimizing the risk posture of the enterprise. The position requires sound knowledge of business management and a working knowledge of information security technologies. This position will be responsible for identifying and prioritizing work into IT Delivery organizations to advance and improve the posture of the security program and ensuring alignment to business value and requirements.
The Product Owner will work with business stakeholders to implement or define policies and standards for information security, serving as the owner of all assurance activities related to the integrity and confidentiality of customer, business partner, employee and business information in compliance with the organization's information security policies. A key element of the role is working with the leader of day-to-day operations to present and educate executive management by outlining acceptable levels of risk for the organization. The PO must be highly knowledgeable about the business environment and ensure information security initiatives align with business requirements.
Product Owners have ultimate accountability for what the product teams work on as well as activities supporting Planning and Strategy, Vendor Management, Agile Delivery, and Stakeholder Engagement with a focus on driving operational efficiency and maximum value back to the business. They do this by working across stakeholders to understand their various business processes and associated requirements for each product and connecting them back to tactical efforts for the team to work on. They prioritize all work that is created or that comes into each team and help the team deconstruct large efforts into plannable and workable items. This includes all types of work items for the team including new project work, ongoing lifecycle management, as well as minor enhancements.
In all cases, if you're driven, strategic, entrepreneurial, analytical, an advocate for security, and a great teammate/leader, we want to hear from you.
- Develop and continuously improve the IT Security product team's vision, mission, and critical capabilities to customers, stakeholders and delivery teams.
- Establish & maintain long-term relationships with key stakeholders across our various business units to understand their IT needs as well as their individual business processes and to prioritize security initiatives using appropriate risk management
- Drive collaboration on information security across the enterprise, including legal, information technology, and business executives, to review our overall security posture and organizational risks.
- Prioritize support, enhancement, project, and lifecycle management work for the IT Security & IAM (Identity and Access Management) teams to drive business value and operational efficiencies.
- Develop and maintain product roadmaps (Short, Medium, & Long Term) for impactful and strategic Security initiatives.
- Respond to or assist with customer requests for internal security assessments.
- Develop, maintain, and be accountable for budget requirements for the IT Security team to maximize value delivery and minimize overall cost.
- Work with managers to determine appropriate staffing needs for each team and ensure overall team health.
- Perform market research to understand and communicate new trends relative to each product team to keep each product competitive.
- Actively engage with clients in sales and support activities, focusing on customer security requirements and communicating the scope of the information security program
- Present information security programs, status and recommendations to the executive team
- Maintain and promote information security policies designed to ensure the confidentiality, integrity, and availability of company systems and data
- Strong understanding of security risks that are impactful to organizations and demonstrated track record of developing options to deal with and mitigate those risks in the interest of organizational security
- Experience working with both business and IT personnel in a cross-functional environment to develop a common goal or vision.
- Ability to work in a fast-paced, multi-deliverable, time-sensitive environment with demonstrated ability to complete projects on time while balancing dates, scope, and resources.
- Security certification preferred, such as Certified Information Systems Security Professional (CISSP).
- Experience implementing controls and mitigating risks related to industry frameworks such as ISO 27001/2, Sarbanes-Oxley, SSAE 16 SOC 1 / SOC 2, PCI DSS, NIST 800-171, and other information security standards.
- Strong passion for exceeding customer expectations and driving business value.
- Strong leadership skills with a focus on continual improvement.
- Strong communication, interpersonal and negotiation skills, both written and oral.
- Experience communicating GRC requirements and Information Security status with Senior Executives.
- Experience as an IT leader or product owner with a history of dissecting and delivering large projects and planning releases and deployments of various initiatives.
- Sound understanding and experience working with various Agile or Lean methodologies.
Equal Opportunity Employer Minorities/Women/Veterans/Disabled