Director of CISO Governance, Risk, Compliance & Assurance

Pearson,
London, Greater London
Job Type: Full-time

Overview

Director of CISO Governance, Risk, Compliance & Assurance

Description

At Pearson, we’re committed to a world that’s always learning and to our talented team who makes it all possible. From bringing lectures vividly to life to turning textbooks into laptop lessons, we are always reexamining the way people learn best, whether it’s one child in our own backyard or an education community across the globe. We are bold thinkers and standout innovators who motivate each other to explore new frontiers in an environment that supports and inspires us to always be better. By pushing the boundaries of technology — and each other to surpass these boundaries — we create seeds of learning that become the catalyst for the world’s innovations, personal and global, large and small.

Reporting to the SVP, Technology Assurance, this senior thought-leader role is responsible for leading Pearson’s CISO Security Governance, Risk, Compliance and Assurance. The individual will bring a wealth of experience in building, automating and continuously improving Information Security Management Systems for digital and cloud-first organisations. They must have a high level of technical and business acumen with an ability to build strong, trusted relationships with Pearson and vendor partners. As a trusted technology leader they must know how to work with cross-functional and multi-location leaders and teams.

Responsibilities include but are not limited to:

- Evolve the Pearson Security Governance, Risk, Compliance and Assurance function into a world-class, high-performing team in a fast-paced digital platform and cloud-first environment.
- Build a framework for cross-company compliance which anticipates Pearson’s marketplace becoming much more regulated.
- Define a roadmap to take Pearson’s Gartner maturity score to 4.
- Lead Pearson in the continuous improvement of a digital platform and cloud-first ISMS based on ISO/IEC 27001 requirements and other global standards as appropriate.
- Lead the evolution of Pearson’s global information security policies, standards and guidelines that enable business and customer success through automation.
- Ensure full global adoption of the policies through collaboration and balanced enforcement with business and technology leadership.
- Implement and evolve an appropriate automated security governance model for Pearson incorporating business and technology accountability, including determining KPIs to measure the security effectiveness of Technology Programmes.
- Evolve the framework for measuring Corporate Information Security Risk, Compliance and Assurance based on applicable international/regional industry-recognized standards, such as the ISO/IEC 27000 series, NIST SP800 series, COBIT, FERPA, COPPA, etc.
- Ensure this framework is used as the common standard for automating and measuring risk and compliance in and by the business and technology.
- Ensure the organization achieves compliance targets in a timely fashion and can clearly evidence compliance to customers, stakeholders and authorities as required, meeting and surpassing our customer requirements.
- Lead and operate an effective third-party compliance program for partners, vendors, resellers, suppliers, etc.
- Make PCI and other regulatory filings in a timely and professional manner.
- Engage at leadership level with Pearson Internal Audit from a risk and compliance evidential perspective.
- Continue to build Pearson’s world-class global education program on Information Security and Data Privacy, ideally using Pearson’s learning platforms and measures of efficacy.
- Liaise with customers, partners, security organizations and others to support the business risk management effort.
- Act as a Security role model and champion throughout the company.

Specific Work Experience

The following skills and experience are essential:

- Extensive experience in the information security field with specific focus on risk management, policy, compliance and/or security frameworks within hybrid environments of Cloud and On Prem, preferably in a highly regulated environment.
- Proven ability to build high-performing teams in the GRCA discipline for multi-national organisations across multiple jurisdictions in a global context.
- Professional security management qualifications and certifications, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other relevant credentials.
- Deep and broad understanding of information security encompassing control technologies, policies and standards, risk and compliance, audit, data privacy, etc.
- Have successfully led GRCA teams in Digital or Cloud organisations.
- Excellent verbal and written communication skills with a wide range of audiences including technologists, executives, business stakeholders and IT team members.
- Experience in leading matrix global teams.
- Experience in managing a budget.
- Must be a critical thinker with strong problem-solving skills.
- Knowledge and understanding of relevant legal and regulatory requirements, specifically US, UK and EU.
- Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT and NIST SP800.
- Intimate knowledge of global data privacy regulations such as GDPR, CCPA, etc.
- Experience with Cloud services risk management, such as AWS, Google, Azure and Oracle.
- Experience with contract and vendor negotiations.
- Experience with writing and reviewing security requirements for contracts.
- High level of personal integrity, and the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity.
- High degree of initiative, dependability and thought leadership.
- Experience in developing risk management frameworks, including tools such as RSA Archer, Allgress, ServiceNow and other RAID tools.

Typical characteristics:

Customer Focus: Understands the importance of total customer care and is able to demonstrate the ability to build long-term business relationships. Has the ability to manage customer expectations in addition to ensuring that a high level of service is delivered.

Communication Skills: Able to demonstrate excellent communication skills and influence in achieving the right outcomes. Open, clear and assertive, although able to build effe