Job Introduction The Information Security and IT Governance Manager will lead the business as usual activities and new initiatives required for the company to ensure the right adoption and compliance with BUPA Information Security Policy, IT Risk Management Policy and Change Management process across the region. This manager will lead a team located across the region integrated by one Security Analyst located in Ecuador, one security Analyst and Cloud specialist located in Panama, one IT Risk and Governance contractor and one IT Security expert located in Miami. This position will coordinate all internal and external audits and ensure the timely and right response for any regulatory requirement across the region related with IT and Information Security.
Additionally, he/she will lead the IT procurement process to ensure the full adherence of the procurement policy and support the budgeting and cost management for all IT and change team.
Main Responsibilities
Lead the all BAU activities related to Information Security monitoring executed by internal and external team.
Manage information security process and IT risk and governance to business and IS colleagues to ensure the right adoption and compliance with BUPA policies, standards and directives.
Design process and controls to ensure that information and application security architecture decisions are consistent and leverage opportunities for common approaches, across application development projects and programmers.
Create appropriate security architecture deliverables – roadmaps, heatmaps, etc. – under the direction and coordination of the BGLA CISO and Global Security community, to drive the global implementation of the Information Security and IT Risk Management policies.
Propose new or modify existing security standards that support enterprise security standards and Information Security vision, seeking approval through appropriate channels.
Ensure that new initiatives adopt the Information Risk Management strategy consistently and the team leaded perform the best cost/effective activities.
Resolve information and application security design issues and provide cost effective solutions to meet project and operational requirements.
Lead and ensure the right quality deliverables for all activities executed by third-party suppliers about security processes.
Review strategic third-party vendors for compliance with standards, as directed by the BGLA CISO and Supply management policy.
Support the Global Security community and BGLA CISO in developing the business case for future global information and application security architectural requirements.
Lead her/his team to provide independent information and applications security review, technical reports, system documentation, and performance metrics
As instructed by the Global Information Security community or BGLA CISO, review the deliverables throughout the development cycle to ensure quality and traceability to requirements and adherence to all quality management processes, plans and standards.
Participate in relevant information security, IT risk and IT governance forums to provide advice on information and application security matters, and the appropriate approach to comply with the current Security guidelines.
Lead all definitions of conceptual and logical information and application security architecture specifications for BGLA, aligned with business goals, IS strategy and architecture visions.
Provide information and application security architecture direction and guidance to solution architects and technical staff under the coordination of the Global Security community and BGLA CISO.
Review and provide input on proposals from an information and application security architectural perspective, including feasibility, practicality, technical viability, and consistency
The Ideal Candidate
Core Knowledge and Experience:IS Technology or Business degree essential
Risk Assessment and Risk Management CRISC Certified
CISA/CISM Certifications
IT Governance, IT Risk and Information Security experience
Role Specific Knowledge and Experience:10+ years’ experience in information security
3+ years leading multicultural professionals and managing business stakeholders
5+ years’ experience delivering business impact assessments in a regional IS project environment
Demonstrable experience of managing multi-cultural stakeholder landscapes, and projects in a complex, global context
Experience of working in a multi-vendor environment
Experience of establishing, deploying and operating information security risk management processes
Knowledge of information and application enterprise architecture best practice and governance
Experience of working with SAP, with knowledge of SAP security architecture and requirements
Strategic planning capabilities (approaches and processes, tools, deliverables) and ability to understand industry trends, competitor or future competitor's strategies and product roadmaps
Understanding of IT industry trends and enterprise standards and methodology
Broad technological knowledge and passion for technology
