


Job Post: Director of Enterprise Risk Management

Jul 16, 2007 | 4 mins

Director Enterprise Risk Management

Northrop Grumman Information Technology (NGIT) is looking for someone to work under the direction of the Vice President, Information Security and CISO, as the Director of Enterprise Risk Management. This position is responsible for managing and articulating information security risk across the company. Specifically, this includes the development and evolution of a security compliance program covering network, computing platform and application baseline security standards and information security policies. The role is also responsible for the development and maintenance of the disaster recovery/business continuity strategy, inclusive of the business impact analysis, recovery processes and procedures, recovery classifications and disaster recovery testing, and for the development and dissemination of specific threat information exchanged within the Aerospace and Defense community.

Primary activities include, but are not limited to: priority focus on the cyber threat analysis and intelligence group, with authority to identify specific targeting of intellectual property and to assess, evaluate and deploy innovative solutions as part of an overall data protection strategy. Regular threat information sharing with DoD, law enforcement, the intelligence community, and peer companies. Manage the development, implementation and maintenance of global information security policies, procedures, and standards based on ISO 17799 and ISO 27001. Establish a compliance framework to ensure adherence to regulatory guidelines, inclusive of controls related to SOX, HIPAA, and customer requirements. Identify and lead efforts to establish an internal control framework to ensure information asset protection, personal data protection, identity management, access controls and monitoring policies. Partner with internal audit to create long-range audit plans and system reviews. Process owner for SOX general controls for IT compliance and security, including internal and external auditing. Ownership of the certification and accreditation process for internal and external systems, and designated approval authority for US government systems.

Initiate and conduct risk assessments and develop risk mitigation plans as needed. Develop and manage a risk assessment framework with external business partners/teaming partners, and develop mitigation plans and controls including regularly scheduled reviews. Work with procurement to ensure information security controls are included in vendor and third-party partner contracts. Develop and maintain disaster recovery/business continuity plans, including business impact analysis, recovery classifications, processes and procedures. Plan and conduct disaster recovery testing as required. Monitor external developments and best practices, including government laws and regulations around data privacy protection, determine applicability, and incorporate appropriate methods, tools and technologies to enhance the overall security program. He/she is required to operate in a highly matrixed environment, manage cross-divisional projects, exhibit a high degree of influence to gain support around a long-term vision, and manage cross-functional teams comprised of members from other areas in order to design, develop and deliver enterprise information security solutions.

Required Skills/Abilities

Bachelor's degree or equivalent (Master's degree highly desirable) and at least 15 years in a leadership role and relevant work experience, with a demonstrated record and proven ability to lead and execute corporate-wide information security compliance and risk mitigation programs in a large-scale corporate setting. Must be an articulate and persuasive leader, able to communicate security-related concepts to a broad client community. Ability to develop and build support around a long-term vision and implement incremental milestones in support of that vision. Excellent communication, negotiation and influencing skills. Requires a solid understanding of information security and the ability to manage a virtual staff of professionals. High personal integrity, credibility, and energy. Demonstrated leadership in achieving shared objectives in a matrix organization, managing cross-functional projects, coordinating projects and services across national boundaries, and building effective cross-functional teams is essential. Must have demonstrated competency in strategic thinking with broad industry knowledge around personal data protection, security risk analysis, risk management and identity management. Prior experience working with internal and external audit authorities is essential. Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) as well as Six Sigma green/black belt strongly preferred. Prior counter-intelligence experience and relationships with DoD, law enforcement, and the intelligence community a plus.

Will consider job location to be one of several areas: Washington DC and surrounding Metro area, Baltimore, Dallas, or Southern California.

Current TS/SCI clearance a plus. Must be able to obtain TS/SCI clearance.