Manager, IT Risk Management - Capability Service Owner
Columbus , Ohio
November 17, 2017


Additional Role description detail:Management role that leads and manages the Digital Forensics Investigations (DFI) team. Accountable for the operational readiness and delivery of the Incident Response, IT Security Investigations, and eDiscovery DFI capabilities. This role is also accountable to lead and drive the continued maturity of the DFI capabilities so they stay aligned with the emerging needs of the business.

Resource Tasks:Team management role with heavy focus on overseeing incident response and resolution, and eDiscovery data acquisition in support of litigation. Manage a team that performs the following duties: - Security incident response - Internal security investigation on behalf of OAR, IIU, Fraud, and Privacy - eDiscovery data acquisition for the Discovery Management Unit (DMU) - Forensics analysis - Metric reporting - DFI tool build and support

Required Skills:- Strong interpersonal skills, with collaboration and team building experience- Excellent listening, presentation, and documentation skills- Excellent written and verbal communication skills- Demonstrated ability to build and maintain a highly effective and engaged team- Follow-up and attention to detail with great customer service skills- Independent-thinker and self-starter, who still can work well within team environment- Good deductive reasoning skills, creative thinker- Understanding of incident response processes- Analytical and detail oriented - individuals must have passion and initiative- Experience responding to audits and remediating audit items- Management of a security operations team or capability- Experience with managing all phases of the Security Event lifecycle

Desired Skills:- Incident response, forensics, and /or eDiscovery management experience.- Experience / Understanding of eDiscovery tools a capability- Experience / Understanding of Incident Response tools a capability- Understanding of network attack vectors and controls effective at defending network attacks- Understanding of system attack vectors and controls effective at defending system attacks- Understanding of malware analysis, quarantine and eradications- Deep technical experience in at least one of the following areas (Network, Server, or Desktop)- Understanding of TCP/IP, UDP, DNS, FTP, and other protocols.- Understand of network analysis, net flow analysis and use network sniffing tools- Understanding of log analysis tools (Log Logic, Splunk, or similar)- Understanding of defensive controls (IPS, Application Firewalls, HIPS, AV, ...)

Experience Level:Typically, 7-10+ years of IT experience with 5+ years of experience managing an IT operations team. IT industry knowledge in specific areas. Applies developed subject matter knowledge to solve common and complex business issues within established guidelines and recommends appropriate alternatives. Works on problems/projects of diverse complexity and scope. Exercises independent judgment within generally defined policies and practices to identify and select a solution. Ability to handle most situations. May seek advice in order to make decisions on complex business issues.

Summary: Manages a staff responsible for information risk management to ensure the confidentiality, availability and integrity of information where it is processed, stored, or transmitted by the business and IT systems. Manages the development and implementation of risk mitigation architecture/designs, plans, controls, processes, standards, policies and procedures to ensure alignment with IS standards and overall IRM strategy. Develops techniques and procedures for conducting risk assessments and compliance audits.


Reporting Relationships: Reports to Director/AVP; responsible for 3 ore more direct report staff that investigatesand resolved risk incidents.Core Duties and Responsibilities:

+ Manages one or more aspects of information risk management for a business segment or function to ensure the protection of information processed, stored or transmitted and availability of business processes.

+ Manages the planning, engineering, development, implementation and administration of risk management systems through the use of controls, procedures, measurements and strategies to prevent unauthorized access, modification, disclosure, misuse, manipulation, or destruction of systems, networks, applications and data.

+ Assists in the establishment of information risk strategies in alignment with their respective business unit and IT initiatives. Manages the development and implementation of information risk policies, procedures, processes and programs to ensure availability, confidentiality, integrity, authentication and nonrepudiation.

+ Manages a staff responsible risk management areas that may include hardware/software testing and evaluation, information risk education and awareness, incident/event response including investigation and analysis, policy and standards development, risk assessment and mitigation solutioning.

+ Manages a staff that provides the vision, expertise and information risk management based solutions for long range planning in the area of information systems mitigation solutioning.

+ Manages a staff responsible for establishing the framework for the protection of Nationwide information assets through architecture, policies, standards, risk assessments, monitoring, certification and technology.

+ Manages a staff that tests and evaluates business processes and IT systems to ensure operation in accordance with information risk requirements. Defines and implements information risk requirements in alignment with the overall business plan.

+ Manages the process of developing mitigation solutions and direction for enterprise-wide IRM technology. Assists in the identification of changes and trends in information risk management technology; interprets their meaning to senior management.

+ Responsible for dispensing technical advice, guidance, direction and authorization to carry out information risk management projects, plans and procedures.

+ Position is a first-level manager and has direct responsibility for people management. In addition to project deployment, responsibilities include career development, performance management, and pay determination and communication. Responsible for the management of associates including: performance management, salary planning and administration, training and development, workflow planning, hiring and placement, and disciplinary actions.

+ Performs other duties as assigned.

Typical Skills and Experiences:Education: Undergraduate studies in computer science, management information systems, or related field is strongly preferred. Graduate studies in a technical or business discipline is preferred.

License/Certification/Designation: (See role guide)

Experience: Eight years of progressive work experience in information risk and/or information systems audit. Three years of experience in management is preferred.

Knowledge: Must have proven knowledge in Information risk components, principles, procedures and practices. Must have demonstrated knowledge in information controls and audit methodology for business systems and data processing environments. Must have a broad knowledge in information technology and risk trends. Must have an in-depth understanding in insurance and financial services business models and operations. Must have demonstrated knowledge of project management concepts and techniques required. Must have familiarity of financial statement preparation, budgeting and financial analysis concepts and techniques.Skills/Competencies: Must have the ability to manage a staff responsible for risk operations, risk assessment, and/or engineering. Must have the ability to develop and implement strategies and make risk recommendations to senior management. Must have the ability to develop and implement risk procedures, processes and programs. Must possess managerial skills as well as project leadership capabilities. Must be able to interpret information risk issues and present formal recommendations to senior management. Must have project and process management skills. Must have excellent verbal and written communication skills to interact with all levels of staff, management (executives and Board of Directors), and external sources. Must be strong in people management as well as negotiation and presentation skills.

Other criteria, including leadership skills, competencies and experiences may take precedence.

Staffing exceptions to the above must be approved by the hiring manager's leader and HR Business Partner.

Values: Regularly and consistently demonstrates the Nationwide Values and Guiding Behaviors.JOB CONDITIONS:Overtime Eligibility: Not Eligible (exempt)

Working Conditions: Normal office environment. Non standard and/or extended work hours as required.

ADA: The above statements cover what are generally believed to the principal and essential functions of this job. Specific circumstances may allow or require some associates assigned to the job to perform a somewhat different combination of duties.

Credit Check: N/A

Safety Sensitive (SS): N/AJob Family/Function: MIS/TRMEvaluation Activity:4/2010 JDC/JL

A little about us:
Great culture. Great people. Great opportunities. Join us today and help protect what matters most.

Know someone who would be interested in this job? Share it with your network.