Our client is seeking a Senior Manager, Policy Management to join the Global Information Security & Privacy organization based in the Washington, DC area. This position will report to the Director of Risk Management and is responsible for managing the enterprise-wide global information security policy and standards portfolio. This position will lead global stakeholder discussions and collaboration activities to update and enhance global policies and standards in line with risks, threats, and industry best practice, to ensure global policies and standards are appropriate to securing information assets, services, and the products that depend on them, building trust with customers and stakeholders, and protecting the security and privacy of customers and employees.
- Take ownership of the information security policies, guidelines, frameworks and standards to ensure they are mapped to Sony's business, legal requirements and industry standards.
- Manage the processes to update and enhance all global information security policies and standards, and take responsibility for the management and maintenance of the policy framework. Utilize outstanding writing skills to ensure policies and standards are appropriate and fit for purpose, and all documentation is produced to the highest standards.
- Leverage and maintain expert knowledge of relevant internationally recognized industry references (e.g. ISO 27001, NIST, PCI DSS, SANS) and other best practices, and incorporate as appropriate into global policies and standards to ensure that the policies and standards establish and maintain a strong security baseline to address common risks and emerging threats. Maintain a global reference library of mapping of policies to standards and references.
- Coordinate and lead global stakeholder and subject matter expert working groups to review and revise global information security and privacy policies and standards, develop supporting guidelines and implementation requirements to ensure timely and effective communication and implementation of policy requirements.
- Manage and enhance the policy review, revision and release life cycle processes to a defined schedule, and coordinate with HQ to facilitate global approval and publication of updated and/or new policies.
- Maintain and develop necessary templates, libraries and documentation to support and facilitate policy and standard lifecycle management.
- Develop and maintain a global portal and knowledge base for policies, standards and other supporting documentation. Lead the development of guidance documentation to support policy requirements and to ensure companies understand and implement policy requirements effectively.
- Develop, mentor and lead the global policy risk management team, driving consistency and high standards in all aspects of risk policy management. Build and lead global capabilities for policy risk management through deployment and utilization of internal and external resources where necessary.
- Minimum 7 years' experience in information security, with a focus on information security policy and risk management-related fields (including direct experience in information security policy creation and deployment; experience in risk assessment, risk remediation, and risk management methodologies and frameworks is a benefit).
- Bachelor's degree, preferably in Computer Science or a related field, law or management, or other equivalent experience.
- Knowledge of and experience in developing and implementing information security policies and processes across multi-site organizations, preferably with international / global experience.
- Knowledge of information security management and risk management frameworks (e.g., ISO 27001 and 27002) and how they are applied in an Information Security Management System (ISMS) to support and integrate key business and strategic priorities.
- Experience in operational security domains preferred.
- Exceptional communication and advocacy skills, both verbal and written, with the ability to express complex and technical issues and communicate effectively and tactfully to all levels of personnel internally, with clients, and other stakeholders.
- Strong leadership skill set.
- Excellent analytical and problem-solving skills.
- Able to manage multiple projects simultaneously, with strong ability to prioritize multiple tasks, respond to emergencies, and organize, schedule and manage work streams of junior personnel effectively.
- Ability to travel internationally as required, up to 10%.
- All candidates must be authorized to work in the USA.