Manager, Information Security Governance & Compliance

NFL New York, NY 10007

Posted 4 days ago

We are seeking a dedicated and experienced Information Security Governance and Compliance Manager to join our dynamic team. The successful candidate will focus on policy management, control assurance and testing, and governance across key information security programs. They will be responsible for creating and maintaining Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) and ensuring overall compliance with our policies and procedures. This role requires a deep understanding of regulations such as PCI and HIPAA, as well as the NIST 800-53 control framework.

Key Responsibilities:

Policy Management:

  • Develop, implement, and maintain information security policies, standards, and procedures.

  • Ensure policies are up-to-date and in compliance with regulatory and industry standards.

  • Conduct regular reviews and updates to policies as necessary.

Control Assurance and Testing:

  • Design and implement control assurance activities to evaluate the effectiveness of security controls.

  • Perform regular control testing to ensure compliance with internal and external requirements.

  • Identify gaps in controls and work with relevant stakeholders to develop remediation plans.

Governance Across Key Information Security Programs:

  • Oversee governance processes for key information security programs.

  • Ensure alignment with organizational goals and regulatory requirements.

  • Provide guidance and support to various departments to ensure compliance with security programs.

KPI and KRI Management:

  • Develop, monitor, and report on KPIs and KRIs related to information security governance and compliance.

  • Provide regular updates to senior management on the effectiveness of security controls and compliance status.

  • Use metrics to drive continuous improvement in the security posture of the organization.

Regulatory Compliance:

  • Maintain a thorough understanding of applicable regulations (e.g., PCI, HIPAA) and ensure organizational compliance.

  • Conduct regular compliance assessments and audits.

  • Serve as a subject matter expert on compliance issues and provide guidance to the organization.

Frameworks and Standards:

  • Apply the NIST 800-53 control framework to enhance the organization's security posture.

  • Ensure that security controls are mapped to relevant frameworks and standards.

Qualifications:

  • Minimum of 5 years of experience in information security governance and compliance.

  • Experience with regulatory requirements such as PCI and HIPAA.

  • In-depth knowledge of the NIST 800-53 control framework.

  • Preferred certifications: CISSP, CISM, CRISC, or equivalent.

  • Strong understanding of information security principles and best practices.

  • Excellent analytical, problem-solving, and communication skills.

  • Ability to manage multiple priorities in a fast-paced environment.

  • Proven track record of successfully managing information security policies and compliance programs.

Preferred Skills:

  • Experience with Information Security risk management and assessment methodologies.

  • Familiarity with various information security technologies and tools.

  • Ability to effectively communicate complex security concepts to non-technical stakeholders.

  • Strong project management skills and attention to detail.

What We Offer:

  • Competitive salary and benefits package.

  • Opportunities for professional growth and development.

  • A collaborative and inclusive work environment.

If you are a motivated and experienced information security professional looking to take on a challenging role with a leading organization, we encourage you to apply.

Salary / Pay Range

This job posting contains a pay range, which represents the range of salaries or hourly rates that the NFL believes, in good faith, at the time of this posting that it might be willing to pay for the posted job in the location(s) specified. The NFL expects to hire for this position near the middle of the range. Only in truly rare and exceptional circumstances, where an external candidate has experience, credentials or expertise that far exceed those required or expected for the position, would the NFL consider paying a salary or rate near the higher end of the range.

