Director Cyber Risk Management (Remote)

About our Team

Our Information Security and Data Protection team acts as the center of gravity for the cybersecurity practice at Elsevier. We safeguard the confidentiality, integrity, and availability of the Company's information resources, Consumer Data, and Technology infrastructure. We carry business accountability and engage with business stakeholders to enable them to manage their risk.

About the Role

This is a leadership role reporting to the VP of Cybersecurity Governance, Risk & Compliance (GRC) that requires an individual with a deep ability to work with and coordinate projects across the Elsevier Technology Information Security and Data Protection organization, as well as Technology product owners and their customers. This role will primarily be focused on maturing the cyber risk management function of the GRC team and developing it into a strategic program that takes a proactive approach to risk management. This role will work closely with internal audit, technology partners, business stakeholders and other parts of the security organization to identify, quantify and manage risks.

Qualifications

• 12+ years of IT Security experience
• 5+ years of people management experience

• Extensive experience in developing a cyber risk management function
• Background in establishing a risk-based culture and embedding risk-based thinking within the business.
• Demonstrated business acumen
• Strong analytical and critical thinking skills, and excellent written and oral communication & presentation skills
• Proven ability to develop talent and assemble a highly effective team

• Highly collaborative with ability to articulate ideas and influence peers and senior leaders
• Experience with various risk management frameworks
• Experience with cyber risk quantification
• Education Level: Bachelor's Degree or Equivalent

Key Responsibilities:

• Leading and managing junior risk analysts.
• Designing and implementing a robust risk management program to aid the rest of the organization in taking a risk-based security approach.
• Building a risk quantification function and perform quantitative assessments of cybersecurity risk scenarios.
• Providing advisory services to other parts of the business to assist in the prioritization and remediation of open risk items.

• Leading the quarterly risk review process.
• Working to improve the risk culture across the company.
• Leading communication and upwards reporting of the highest risks to executive leadership.
• Acting as a trusted advisor to the business and technology stakeholders across the enterprise to partner on security risks and stay aligned on common goals.
• Engaging technology, security, and business stakeholders to create awareness and alignment of key risk areas.

• Maintaining communication with peers throughout the organization and security contacts including Business Units and subsidiary locations; survey clients to determine appropriate communication methods; and deliver solutions to help raise awareness of the risk program.
• Managing global teams across multiple physical locations including work assignment and tracking, career development and mentoring and carry out management responsibilities in accordance with the organization's policies, procedures, and applicable laws. Responsibilities include interviewing, hiring, and training employees; planning, assigning, and directing work; appraising performance; rewarding and disciplining employees; and addressing complaints and resolving problems.

Technical Skills:

• Understanding of networking, web-based content delivery platforms and personal computing filesystem operation, architecture, patching and security.
• Understanding of risk assessment strategies.
• Collaborating: Advanced skills in setting, communicating, implementing, and achieving business objectives and goals through the direct management of others.
• Planning: Advanced organization/project planning, time management, and change management skills across multiple functional groups and departments, and advanced delegation skills involving prioritizing and reprioritizing projects and managing projects of various size and complexity.
• Problem-solving experience involving leading teams in identifying, researching, and coordinating the resources necessary to effectively troubleshoot/diagnose complex project issues; prior success extracting/translating findings into alternatives/solutions; and identifying risks/impacts and schedule adjustments to facilitate management decision-making.

• Excellent stakeholder management skills. Ability to cultivate and maintain solid relationships with the leadership of other teams and third-party vendors. Represents the Security team to customers and other managers within department.
• Generate regular reporting including KPIs, metrics and SLAs reporting, executive reporting, and other ad hoc reporting as required by management.
• Documented experience with process mapping, process improvement, and automation

Preferred Qualifications

• CRISC - Certified in Risk and Information Systems Control
• CISSP or CISM
• FAIR Certification

Working with us

We are an equal opportunity employer with a commitment to help you succeed. Here, you will find an inclusive, agile, collaborative, innovative and fun environment, where everyone has a part to play. Regardless of the team you join, we promote a diverse environment with co-workers who are passionate about what they do, and how they do it.

At Elsevier, we know that your wellbeing and happiness are key to a long and successful career. These are some of the benefits we are delighted to offer:

• Comprehensive, multi-carrier health plan benefits
• Disability insurance

• Dependent Care and Commuter Spending Accounts
• Life and Accident Insurance
• Retirement Benefits (Salary Investment Plan/Employer Stock Purchase Plan)
• Modern Family Benefits, including adoption and surrogacy

Working for you

About Us

A global leader in information and analytics, we help researchers and healthcare professionals advance science and improve health outcomes for the benefit of society. Building on our publishing heritage, we combine quality information and vast data sets with analytics to support visionary science and research, health education and interactive learning, as well as exceptional healthcare and clinical practice. At Elsevier, your work contributes to the world's grand challenges and a more sustainable future. We harness innovative technologies to support science and healthcare to partner for a better world.

Join Us

PURPOSEFUL WORK
When you work with us, your work matters. You are part of an organization that nurtures your curiosity to stimulate innovation for the communities that we serve.

GROWING EVERY DAY
Like the communities we serve, you are on a constant path of discovery to shape your career and personal development.

COLLEAGUES WHO CARE
You will be part of the Elsevier family. We will support your well-being and provide the flexibility you need to thrive at work and home.

Together, we create possibilities.
Join us

Elsevier is an equal opportunity employer: qualified applicants are considered for and treated during employment without regard to race, color, creed, religion, sex, national origin, citizenship status, disability status, protected veteran status, age, marital status, sexual orientation, gender identity, genetic information, or any other characteristic protected by law. If a qualified individual with a disability or disabled veteran needs a reasonable accommodation to use or access our online system, that individual should please contact [email protected] or if you are based in the US you may also contact us on 1.855.833.5120.

Please read our Candidate Privacy Policy