Director, Corporate Information Security
Penguin Random House, New York, NY
Home of the world’s best books.
* Assist the Global CISO in the development, implementation, and maintenance of information security procedures, standards, and guidelines. Oversee the localized approval, training, and dissemination of security policies and practices
* Facilitate the information security risk and control assessment process, as well as support internal and external compliance programs
* Proactively monitor key risk indicators to identify non-compliance and assist in remediation with compensating controls to address security, risk, and control gaps
* Monitor business unit metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the security
* Act as a liaison between management, product owners, technology operational risk, and internal audit functions
* Work with various stakeholders to identify information asset owners to classify data and systems as part of a control framework implementation
* Provide strategy for the implementation of control improvements, including process enhancements and use of automated data collection techniques
* Oversee information security awareness training programs for US employees, contractors, and approved system users
* Monitor external threat intelligence information to identify potential fraud or other malicious activity and escalate when necessary
* Conduct incident response and business continuity simulations to ensure the readiness of personnel in the event of an incident or disaster
* Manage the third-party risk assessment process to identify potential security and privacy risks and ensure that our vendors comply with internal policies and procedures
* Show ownership and leadership skills in coordinating projects across multiple teams, driving them to successful conclusion while building strong, lasting relationships with both internal and external stakeholders
* Demonstrate the ability to break abstract goals into attainable, measurable work items
* At least 10 years of experience in information security advisory or IT risk management, preferably in a complex, large-scale environment
* Proficiency in information security domains, including policies and standards, risk and control governance and assessments, secure systems development lifecycle, access controls, regulatory compliance, technology resiliency, incident management, vulnerability management, and data protection
* Strong project management and execution skills for driving enterprise-wide risk initiatives
* Experience working with cloud computing environments and respective controls
* Strong analytical and problem-solving skills
* Working knowledge of information security and privacy frameworks such as ISO 27001, PCI DSS, CCPA and GDPR
* Certifications such as CISSP, CISM, CRISC, CISA are preferred
About Penguin Random House
Penguin Random House is the leading adult and children’s publishing house in North America, the United Kingdom and many other regions around the world. In publishing the best books in every genre and subject for all ages, we are committed to quality, excellence in execution, and innovation throughout the entire publishing process: editorial, design, marketing, publicity, sales, production, and distribution.
Want to learn more about Penguin Random House? Visit Penguin Random House's website.
Content is the cornerstone to all we do, and our audience is why we do it.