Senior Manager, Information Security

If you’re passionate about building a better future for individuals, communities, and our country—and you’re committed to working hard to play your part in building that future—consider WGU as the next step in your career.

Driven by a mission to expand access to higher education through online, competency-based degree programs, WGU is also committed to being a great place to work for a diverse workforce of student-focused professionals. The university has pioneered a new way to learn in the 21st century, one that has received praise from academic, industry, government, and media leaders. Whatever your role, working for WGU gives you a part to play in helping students graduate, creating a better tomorrow for themselves and their families.

The salary range for this position takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs.

At WGU, it is not typical for an individual to be hired at or near the top of the range for their position, and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is:
 

Grade: Management Technical 714

Pay Range: $148,100.00 - $244,400.00

Job Description

Essential Functions and Responsibilities:

Develops and leads the Security Risk Management program. Responsible for the implementation, maintenance, maturation, and operational and strategic direction of the Risk Management Framework (RMF) across the university. Mentors, develops, coaches, and leads members of the Risk Management team and other team members within the larger Information Security department. This will include planning and establishing goals and objectives for members of the team as well as for the program and other areas of Information Security as the relate to the Security Risk Management program. Manages budget and third-party relationships as they relate to the program and provides input into the overall Information Security budget. Manages the work of team members who generally exercise some latitude and independence in their assignments. Ensures proper training and coaching of team members, and actively participates in hiring, firing, and promotion decisions. Conducts performance reviews and recommends salary reviews. Develops, monitors, and communicates program objectives and performance metrics to Senior Information Security leadership to provide insight into the direction and performance of the Risk Management program. Develops and takes responsibility for Security Risk Management strategy and participates in development of overall Information Security strategy. Develops, measures, collects, and reports on key Information Security services and risk indicators. Champions and leads resource groups and project teams to ensure security initiatives are aligned with business requirements. Provides guidance and assistance to operational teams to remediate security deficiencies identified in risk assessments. Serves as Risk Management Subject Matter Expert within Information Security and across other departments and coach team members to provide Risk Management expertise within the department and university. In some cases, this will require developing solutions to address complex problems involving multiple departments, technologies, etc. Coordinates and participates in cross-functional discussions to address and resolve complicated security issues. Identifies gaps and areas of maturation within the program and lead the team in addressing identified gaps and overall program growth; this may include working with Senior leadership across this university to gain acceptance. Conducts risk assessments, vendor reviews, exception to policy reviews, and other risk-related activates which are related to projects, business growth, and areas of concern within the university. Acts as advocate for Information Security to help the business understand information security risks, standards, and best practices. Works with the Senior Information Security leadership and business unit leadership to promote and embed a risk management culture across the university. Provides subject matter expertise in the development of Awareness campaigns to reduce the overall risk to the university.

Knowledge, Skill, Abilities, and Competencies:

• Expertise with, and experience in, Risk Management as it relates to Information Security.
• Expertise and experience with Information Security and privacy principles and controls used to manage risks related to the use, processing, storage, and transmission of information or data.
• Ability to understand and translate threats and vulnerabilities to business risk.
• Expertise in Risk Management best practices and security program development and implementation.
• Knowledge of NIST, HIPAA, FERPA, GLBA, ISO, and other regulatory and industry standards.
• Good written and oral communication skills with the ability to explain complex security problems to business partners and units.
• Excellent analytical, problem solving, and decision-making skills required.
• Solution-driven approach to problems.
• Excellent critical thinking skills.
• Ability to build a strong risk culture within an organization.

Job Qualifications:

Minimum Qualifications:

• Bachelor’s Degree in a related field and 7 years of Information Security experience or 10 years industry experience working in security.
• Hands on experience in Risk Management as it relates to data and / or Information Security, including experience in developing and/or leading a Risk Management program.
• 3+ years of leadership experience, which can be a combination of people and / or program leadership.
• One or more industry security certifications (CISSP, CISA, CISM, or CRISC).

Preferred Qualifications:

• Master’s degree in related field.
• Preferred certification in CRISC.

Physical Requirements:

• Prolonged periods sitting at a desk and working on a computer.
• Must be able to lift up to 15 pounds at times.

Position & Application Details

Full-Time Regular Positions (classified as regular and working 40 standard weekly hours): This is a full-time, regular position (classified for 40 standard weekly hours) that is eligible for bonuses; medical, dental, vision, telehealth and mental healthcare; health savings account and flexible spending account; basic and voluntary life insurance; disability coverage; accident, critical illness and hospital indemnity supplemental coverages; legal and identity theft coverage; retirement savings plan; wellbeing program; discounted WGU tuition; and flexible paid time off for rest and relaxation with no need for accrual, flexible paid sick time with no need for accrual, 11 paid holidays, and other paid leaves, including up to 12 weeks of parental leave.

How to Apply: If interested, an application will need to be submitted online. Internal WGU employees will need to apply through the internal job board in Workday.

Additional Information

Disclaimer: The job posting highlights the most critical responsibilities and requirements of the job. It’s not all-inclusive.

Accommodations: Applicants with disabilities who require assistance or accommodation during the application or interview process should contact our Talent Acquisition team at recruiting@wgu.edu.

Equal Employment Opportunity: All qualified applicants will receive consideration for employment without regard to any protected characteristic as required by law.