Manager of Information Security - Program Management
The Area: The Information Security department is responsible for setting enterprise security policies and standards that are designed to protect the confidentiality, integrity and availability of Morningstar information. The security team offers guidance and technical expertise in areas like application security, policies and procedures, disaster recovery and compliance/regulation. We analyze emerging security threats and conduct risk and vulnerability assessments to ensure that our information remains secure.
The Role: As Manager of Information Security, you will be directly responsible for supporting Morningstar’s information security governance processes. This individual will proactively drive alignment between regulated entities and the information security strategy, keep clear lines of communication open, update the regulated entities on upcoming security initiatives, report security risks to the CISO, and be a key player in the information security incident response process. As a member of Information Security, you will help develop a culture where safety, security and resiliency are integrated into every facet of Morningstar. You will help us continually advocate, identify, and monitor security processes that help drive business activities in a secure manner. You will be responsible for leading governance activities that help mature the information security program and for collaborating with product teams to advocate security initiatives. This position is based in our Chicago office.
Responsibilities
- Develop measures and monitor program performance against established security objectives to ensure programs stay on time, in scope, and on budget
- Work as an Information Security subject matter expert and provide expertise regarding regulated entities
- Represent Information Security on client calls and audits
- Assist the IT Compliance Manager with contract reviews
- Provide oversight to the information security risk register
- Drive adoption of information security program standards throughout the organization
- Advance the security minded culture through advocacy
- Assist in developing and testing incident response processes and policies
- Implement information security risk governance and control frameworks that incorporate a consistent, sustainable methodology for identifying, assessing, and documenting information security risk, and that provide early warning of potential failure to meet information security requirements
- Execute audit tests; identify issues and areas for improvement in efficiency and effectiveness in regulated entities
- Manage and support Morningstar’s current and future compliance related responsibilities (SOX, SOC2, PCI-DSS, GDPR, SEC, etc.)
Requirements
- A bachelor’s degree and 4+ years’ experience in a risk, compliance or IT auditor role
- Experience in a client facing security role
- Understanding of IT SOX Controls
- Experience representing the security team during external or internal audits
- Strong project management skills
- Excellent communication skills and a familiarity with common compliance and security frameworks (SOX, SOC2, PCI-DSS, GDPR, SEC, etc.)
- Strong organizational skills and the ability to multitask and switch priorities with short notice
- Proven experience in governing IT security programs to properly manage and address program progress and results against strategic goals
- Analytical aptitude with an emphasis on investigative, methodical critical questioning and logical thinking; a data-driven decision maker
- High level of interpersonal skills to interact with leaders at multiple levels and facilitate team interactions