Information Security Governance, Risk, and Compliance Manager

1230 Ave of the Americas, New York, NY 10036, USAReq #284

Thursday, August 15, 2024

Simon & Schuster was named to Forbes magazine list of America's Best Mid-Size Employers 2022. Simon & Schuster is a global leader in general interest publishing, dedicated to providing the best in fiction and nonfiction for readers of all ages, and in all printed, digital and audio formats. Its distinguished roster of authors includes many of the world's most popular and widely recognized writers, and winners of the most prestigious literary honors and awards. It is home to numerous well-known imprints and divisions such as Simon & Schuster, Scribner, Atria Books, Gallery Books, Pocket Books, Adams Media, Simon & Schuster Children's Publishing and Simon & Schuster Audio and international companies in Australia, Canada, India and the United Kingdom, and proudly brings the works of its authors to readers in more than 200 countries and territories. For more information visit our website at www.simonandschuster.com.

We are seeking an experienced Information Security Governance, Risk, and Compliance Manager to join our Information Security Team. In this critical role, you will assist in creating security policies, managing vendor risk, ensuring cyber security awareness, managing data security, and ensuring compliance with security standards within Simon & Schuster .

Key Responsibilities:

• Assists in developing and implementing policies, procedures, and controls that ensure compliance with laws, regulations, and industry standards.

• Provide vision, direction and guidance on information security and security related privacy assessments

• Monitor that the controls are being tested with the appropriate frequency

• Maintain awareness of emerging threats, such as new viruses, hacker contests and system vulnerabilities

• Coordinate IT activities with internal and external audits and auditors (including selection of external auditors)

• Identify and assess risk associated with third-party vendor relationships. Maintain, track, and report on third-party risks to the appropriate stakeholders; Review third-party contracts to ensure proper cybersecurity is upheld in protecting sensitive company data.

• Develop and maintain a security awareness program that effectively changes these behaviors so our employees act securely, reducing the most risk to our organization.

• Maintain records of all data assets and technical data classification standards and maintain a data security incident management plan to ensure timely incident remediation.

• Enforce security policies and procedures by administering and monitoring security profiles, reviewing security violation reports, investigating possible security exceptions, updating, and maintaining and documenting security controls.

• Manage, schedule, and collect assessment requests.

• Assist In creating, developing, and delivering global security communications.

• Measure and evaluate cybersecurity risk through the creation and continuous maintenance of the Cybersecurity Risk Register

• Review current system security measures and recommend enhancements

• Performs initial and periodic information security risk assessment/analysis, mitigation and remediation. Assists in the development and knowledge transfer to IT team members, as well as other enterprise groups.

• Prepares reports, business cases, and presentations on security risk, controls, the status of compliance efforts, etc.

Qualifications:

• A Bachelor’s degree in Computer Science, Cybersecurity, Information Technology or other related field

• One or more of the following certifications a plus: CISSP, CISM, CISA, GIAC, PMP.

• Familiarity with security industry standards including NIST CSF, NIST 800-53, ISO27001 and PCI DSS; previous experience working with one of these frameworks

• Experience in Business risk analysis and mitigation

• Experience in design, delivery, and management of Enterprise-level security programs and technologies

• Experience with GRC platforms/tools and 3rd party risk assessment tools

• Strong knowledge of global data privacy regulations and guidelines a plus

• Excellent analytical and problem-solving abilities.

• Effective communication and interpersonal skills, with the ability to collaborate across departments.

• Proven presentation and facilitation skills

• Proficiency with Microsoft Office.

Simon & Schuster US is an equal opportunity employer (EOE) including disability/vet. At Simon & Schuster US, the spirit of inclusion feeds into everything that we do. From employee benefits/programs and social impact outreach initiatives, we believe that opportunity, access, resources and rewards should be available to and for the benefit of all. Simon & Schuster US is proud to be an equal opportunity workplace and is an affirmative action employer. We are committed to equal employment opportunity regardless of race, color, ethnicity, ancestry, religion, creed, sex, national origin, sexual orientation, age, citizenship status, marital status, disability, gender identity, gender expression, and Veteran status.

The hiring salary range for this position applies to New York City, California, Colorado, Washington state, and most other geographies. Starting pay for the successful applicant depends on a variety of job-related factors, including but not limited to geographic location, market demands, experience, training, and education. The benefits available for this position include medical, dental, vision, 401(k) plan, life insurance coverage, disability benefits, tuition assistance program and PTO or, if applicable. Additionally, employees have access to our industry-first, Broad Based Ownership program, which makes all employees partners in our shared success.

Candidates hired for this or any other posted Simon & Schuster role will be employees of Simon & Schuster, LLC, subject to all policies, including the Workplace Privacy Notice (https://www.simonandschuster.com/p/workplace-privacy-notice) , and eligible solely for the benefits plans thereof.

Other details

• Job FamilyEnterprise Solution Delivery

• Job FunctionComputer Security Specialists

• Pay TypeSalary

• Employment IndicatorRegular

• Min Hiring Rate$130,000.00

• Max Hiring Rate$160,000.00

Apply Now

• 1230 Ave of the Americas, New York, NY 10036, USA

<