Senior Manager, Info Security

Reporting to the Director Security Risk Management, the Vendor and Customer Security Principal Risk Analyst will own informatica’s Vendor Security Risk Management program as well as manage the Customer Security Risk Management at Informatica. In this role, you will wear two hats you will assure the integrity of Informatica’s and our customers data protection to the proper vetting and analysis of the security controls of Informatica’s vendors, 2nd you will create and maintain the required information security collateral and respond to our customers vendor risk assessments and security questionnaires supporting our cloud services sales model. The successful candidate will be a roll-up your sleeve individual, instrumental in building and maintaining a vendor and customer risk management program. Collaboration with the business areas within Informatica will be a key success criteria for this individual.

Our Ideal Candidate

·        Experience with auditor and/or customer discussions.

·        Knowledge or understanding of information security risk management as it pertains to 3rd and 4th party risk and customer commitments

·        Comfortable assessing other organization’s security posture based on our vendor risk assessment tool

·        Demonstrated experience in an Information Security program management role.

·        Can work in a very fast paced environment

·        Interested in helping us augment our current program and playing a leading role in building it up

·        The ability to operate successfully in a matrixed organization while operating independently.

·        Experience with external regulatory and industry mandates: SOC 2 Type 2, GDPR, ISO-27001, NIST Cyber Security desirable.

ESSENTIAL DUTIES & RESPONSIBILITIES (Your Responsibilities)

·        Improve and lead Informatica’s Vendor Security Risk Management program, assuring that the program meet all regulatory, industry, and customer requirements for 3rd and 4th party security risk management.

·        Partner with Sales and R&D, to enhance and manage the Information Security responsibilities within the Customer Relationship Management. (e.g support the customer lifecycle of 3rd party risk management by managing the documentation and distribution of responses to customers through the customer engagement; Including: RFI/RFPs, Customer Security Questionnaires, Customer’s Vendor Risk Management questionnaires, Custom Audits)

·        Ensure that Customer’s security commitments are tracked and managed.

·        Ensure our Vendors are assessed in a timely manner and tracked in findings accordingly

·        Act as a corporate advocate for information security practices.

·        The knowledge to explain security program elements, i.e. application security, vendor risk management, business continuity, internal and external pen-testing.

·        Deliver presentations to staff or external entities as needed, including executive presentations.

KNOWLEDGE & REQUIREMENTS (Our Ideal Candidate)

·        Has proven ability to identify opportunities to reduce risk in our organization and escalate issues to management and senior management where required

·        Has demononstrated ability to work in a fast paced envcironment, with project management and organization skills

·        Has proven ability to work across multiple departments, and with various levels of staff

·        Great communication skills

·        Excellent communication, reporting and educational skills

MANAGEMENT & SUPERVISORY RESPONSIBILITIES

Section 1

·        This job typically reports to: Director, Information Security Risk

Section 2

☐ Check box if this job directly manages employees

·        This job is directly responsible for managing other employees (e.g. hiring/termination and /or pay decisions, performance management).

·        Direct report job titles may include: Enter Direct Report Job Title here

EDUCATION & EXPERIENCE REQUIREMENTS (Your Qualifications)

·        Bachelor’s degree or equivalent educational background. (May List Concentrations)

·        3-5 years’ experience required.

·        Certifications preferred (if applicable): PMP, CISSP

·        Or an equivalent combination of education, training or experience.