Jackson National Life Insurance Company Information Security Business Manager (ISBM) in Chicago, Illinois
_Job Purpose_ __ /2 open positions. (Chicago, IL. and either Denver, CO. or Nashville, TN.)/*
The Information Security Business Manager (ISBM) is a key role within the NABU Information Security Organization (ISO) and reports into the Security Control and Oversight team. This position serves as the primary security relationship manager amongst businesses, affiliates, business process owners, management, the Information Security Organization (ISO) and the Corporate Information Security Officer (CISO). The ISBM functions as the security leader within their area of responsibility and partners with management on Information Security related issues. The position is both hands-on and strategic, requiring working knowledge of multiple Information Security disciplines as well as the business units they are aligned with. This position works with business management to anticipate Information Security-related needs and is proactive in communicating business objectives, issues, and impacts from their business units to the ISO and associated leadership.
The ISBM is responsible for establishing and driving a business-specific Information Security program focused on assisting the assigned business unit management in identifying and addressing risks while also ensuring compliance with the NABU Information Security Program requirements. The ISBM serves as the trusted advisor and advocate to both the business and to the ISO. This role will liaise between the business and the ISO, keeping clear lines of communication including but not limited to: (1) transparency to the business on upcoming security initiatives, (2) reporting of security risks to the ISO and appropriate executive management, and (3) serving as a key player in the information security deficiency remediation process by identifying impact to the business and customers and helping shape remediation and communication points. In addition, this role will assist business area compliance with the NABU Information Security Policy and Standards by facilitating continuous monitoring and reporting on risks, controls, and documented exceptions per the NABU information security control framework.
_Essential Job Duties & Responsibilities_
- Coaches and provides sound Information Security direction, advice and consultation to business groups.
- Facilitates control assessments over Information Security management controls.
- Facilitates implementation of appropriate access using knowledge of business roles and assists management with performing regular access certifications.
- Leads and coordinates user developed application (UDA) control program within assigned business units.
- Serves as primary point of contact for businesses, functions, or affiliates for Information Security.
- Proactively engages the businesses to identify, document and drive remediation of risks by working with the business to design, implement or otherwise improve control activities to achieve Information Security objectives.
- Leads Data protection program within each of the business units assigned, including unstructured data classification activities.
- Helps ensure significant risk and associated control deficiencies are escalated to ISO and Business Leadership for information or action.
- Participates in the identification of Information Security Training and Awareness needs assessment on a regular basis and supports implementation of Information Security Training and Awareness plan and associated activities.
- Works with the business to ensure appropriate communicate channels are in place, and provides Information Security related updates to business, function, or affiliates as appropriate.
- Ensures stakeholders understand the state of the controls they are accountable for and understand their responsibilities as to risk mitigation and remediation.
- Assists the business by providing direction on process improvements, remediating control gaps, and enhancing current tools for reducing the overall information security risk profile.
- Advises the business on security policies and standards to achieve security objectives and reduce the likelihood and impact of security risks.
- Liaises and helps facility internal audit, external audit and compliance review of security activities employed by the business.
- Plans and coordinates Information Security projects and initiatives within the business according to established plans and timelines.
- Advocates for the business to the ISO by providing visibility to potential business impacts and appropriate resolution of issues to minimize impact to the business.
- Works with ISO and NABU Compliance to ensure monitoring and tracking of state and federal regulations pertinent to information security and privacy within the assigned business area(s).
- Assists the coordination of vendor security diligence reviews with the business.
- Supports and coordinates investigation and response, as appropriate of information security incidents for area of focus.
- Represents the business function, or affiliate during development and update of Information Security policies and standards. Identifies, develops, and maintains supplemental standards and procedures unique to the area of focus.
- Educates management of potential risk associated with a business decision and communicates the likelihood and impact of those decisions, so management can fully quantify those risks and determine tolerance levels.
- Coordinates the understanding and reporting on the overall information security risk posture of the business unit, providing a holistic view of vulnerabilities and associated risks to the business and Information Security.
- Leads regular meetings with assigned business unit management to cover pertinent security topics.
- Works in a collaborative environment with the security organization, participating in other security initiatives as needed.
- Focuses on delivering business value from the information security program.
- Collaborates with IT teams to ensure business driven prioritization and implementation of designed security controls.
- Promotes the culture of risk management and awareness.
- Ability to travel domestically as often as one week per month.
Job Requirements (Knowledge, Skills & Abilities)
- Working knowledge of multiple Information Security disciplines, practices and standards.
- Comprehensive knowledge and understanding of business unit functions, strategic objectives, and goals from an Information Security viewpoint and perspective is a plus.
- Excellent consulting and critical thinking skills.
- Excellent client management and business literacy skills.
- Strong interpersonal, negotiation and leadership skills.
- Excellent verbal and written communication skills.
- Ability to develop strong trusting relationships in order to gain support and achieve results.
- Strong organizational skills and ability to support multiple business units in multiple locations, with travel as required.
- Take initiative to identify and anticipate client needs, business impact and make recommendations for implementation.
- Ability to influence others and shape/obtain desired outcome in areas outside of direct control.
- Results oriented, able to achieve desired outcomes independently and at appropriate priority levels.
- Business acumen to engage business process owners within assigned areas.
- Knowledge of risk assessment procedures.
- Familiarity with audit testing and control methodologies.
- Ability to effectively communicate technical and non-technical issues both verbally and in writing.
- Excellent analytical and problem solving skills.
Education and Experience Required
- Bachelor’s degree required.
- 5 years of Information Security experience resolving Information Security related issues required.
- Training or coursework in Information Security, Information Systems Management, or related topics preferred.
- CISSP certification required.
- CISM, CISA, ITIL, CRISC preferred.
- Use of GRC platforms, particularly RSAM, recognized standards such as NIST SP800-53, CSF, ISO 27001, COBIT.
- Experience working with vendors and third party service providers. #LI-GW1
Job: *Information Technology
Organization: *Jackson National Life Insurance
Title: Information Security Business Manager (ISBM)
Requisition ID: JAC0034E