Pearson Risk & Assurance Lead in Colombo, Sri Lanka
Risk & Assurance Lead
Reporting to the GRCA Risk Operations Manager (based in UK), the Risk & Assurance Lead shall contribute towards the development, operation and maintenance of Pearson’s risk management and security assurance programs. This role will provide leadership and support for the current team processes around security exception management and security assurance activities. This role will also act as an advisor and escalation point for requestors, business risk owners, and project leads who require assistance with process adherence. In addition, this role will participate in and lead some functional risk assessment activities and contribute to the overall management of Pearson’s information security risk posture.
Contribute to the development and maturity of the information security risk exception process.
Contribute to the development and maturity of the security assurance framework.
Assist in operating the eGRC platform by working with requestors, sponsors, and business owners where needed to ensure items are properly documented and managed within the platform.
Lead operational activities for maintaining and managing security exceptions throughout their lifecycle by acting as a key reviewer/advisor for exception requests to ensure they meet the appropriate standards.
Lead the management and enhancement of service activity reporting for security assurance and risk exceptions in order to assist the team in meeting defined performance goals.
Support the team in performing assurance remediation validation checks before project releases.
Maintains the security posture of the eGRC platform by assisting where needed in administrative functions and system management.
Lead targeted risk assessments and contribute to the maturity of the program.
Contribute to the vendor risk management process as needed.
Support the department’s risk management forum activities where needed.
Essential skills and experience:
Ability to interact with Pearson’s personnel, build strong relationships at all levels and across all business units and organizations, and understand business priorities.
Strong experience in leading process effectiveness and improvement efforts.
Ability to mentor junior staff in building relationships, challenging requests where needed, and building maturity in processes/tasks.
Ability to evaluate business value versus security risk and provide analysis to leadership for decision making.
Strong technical experience in IT (networking, development, or operations) that would lend itself well to leading discussions concerning security concerns, pros and cons, with leaders in those environments.
Experience in performing application administration activities, especially role-based management of users.
Hands on experience of using security tools to automate processes essential for controls management, compliance validation, and risk exception management.
Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
Hold security certifications pertinent to the role such as Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), Certified Information Systems Manager (CISM) or Global Information Assurance Certification (GIAC).
Excellent verbal and written communication skills with experience of working with all levels of the business, often remotely via video conferencing.
5 years minimum experience in IT / Information Security with track record growth in leadership responsibilities.
A bachelor's degree in computing or commensurate work experience.
Ability to interact with Pearson’s or vendors’ personnel to build strong relationships at all levels and across all business units and organizations, and understand business priorities.
A strong understanding of the business impact of security tools, technologies and policies.
Experience with common information security management frameworks, such as International Standards Organization (ISO) 2700x, NIST, etc.
Familiarity with applicable legal and regulatory requirements, including, but not limited to, the U.S. Sarbanes-Oxley Act (SOX), the U.S. Health Insurance Portability and Accountability Act (HIPAA), the European General Data Privacy Regulation (GDPR), and PCI/DSS.
Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies.
Knowledge of and experience in developing and documenting security requirements and remediation plans.
Working knowledge of Industry Standard Product and Program Development Life Cycle, including Secure SDLC and OWASP.
Primary Location: LK-1-Colombo
Work Locations: LK-Colombo-Orion City Rigel Bldg Orion City Rigel Bldg No 752 Dr. Danister De Silva Mawatha Colombo 900
Organization: Technology & Operations
Employee Status: Regular Employee
Job Type: Standard
Shift: Day Job
Job Posting: Mar 18, 2020
Job Unposting: Ongoing
Schedule: Full-time Regular
Req ID: 2002836
Pearson is an Equal Opportunity and Affirmative Action Employer and a member of E-Verify. All qualified applicants, including minorities, women, protected veterans, and individuals with disabilities are encouraged to apply.