Security & IT Program Manager
WHOOP
RESPONSIBILITIES:
- Analyze existing Security, GRC, and IT operations processes to identify areas of opportunity.
- Collaborate with users and departments to understand needs, document requirements, and develop security controls.
- Develop and implement process improvements that enhance efficiency, reduce risk, and improve compliance.
- Develop and maintain documentation for security and IT operations processes, policies, and procedures.
- Manage security and IT operations projects from initiation to closure, ensuring timely delivery and adherence to project goals.
- Develop project plans, timelines, and resource requirements.
- Track project progress, identify risks, and implement mitigation strategies.
- Ensure compliance with relevant security and industry regulations, standards, and frameworks (e.g., ISO 27001, GDPR).
- Develop and implement policies and procedures related to new hires, employee terminations, and transfers, ensuring that all IT & Security requirements are met and compliance is maintained. Continuously review and update these processes to address evolving risks and regulatory changes.
- Oversee the implementation and effectiveness of security awareness training programs, ensuring that all employees are adequately trained and aware of their security responsibilities.
- Monitor compliance activities and identify areas for improvement.
- Coordinate with relevant stakeholders to plan and execute regular risk assessments.
- Enhance and maintain a comprehensive risk register, including the identification, assessment, prioritization, and tracking of risks.
- Manage vulnerability remediation, including coordinating and tracking efforts to remediate identified vulnerabilities, ensuring timely and effective resolution.
- Enhance the process for reviewing and approving or rejecting proposed risk mitigation or exception requests, ensuring that they align with the organization's risk tolerance and compliance requirements.
- Develop and deliver regular executive reports on the security and IT operations program's performance, key metrics, and risk assessments.
- Provide insights and recommendations to senior leadership based on data analysis and industry trends.
- Manage relationships with third-party IT & Security vendors to ensure effective delivery of services and alignment with organizational needs.
- Develop deep knowledge of privacy and security obligations, processes, best practices, and solutions utilized across the organization. Leverage this knowledge to drive requirements and process improvements.
QUALIFICATIONS:
- 3+ years of experience in Security, Compliance, or IT operations with a strong focus on process improvement and project management.
- Proven track record of successfully managing complex projects and delivering results in a fast-paced environment.
- Demonstrated experience in developing and implementing procedures and standards.
- Track record of successfully managing high-priority projects and delivering results in a fast-paced environment.
- Knowledge of frameworks such as ISO 27001, NIST Cybersecurity Framework, or GDPR preferred.
- Certifications such as Project Management Professional (PMP), Certified Information Security Manager (CISM), or Certified Information Systems Auditor (CISA) are preferred but not required.