Manager, Security Risk Management
Western Governors University
The salary range for this role takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs.
At WGU, it is not typical for an individual to be hired at or near the top of the range for their role, and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is:
If you’re passionate about building a better future for individuals, communities, and our country—and you’re committed to working hard to play your part in building that future—consider WGU as the next step in your career.
Driven by a mission to expand access to higher education through online, competency-based degree programs, WGU is also committed to being a great place to work for a diverse workforce of student-focused professionals. The university has pioneered a new way to learn in the 21st century, one that has received praise from academic, industry, government, and media leaders. Whatever your role, working for WGU gives you a part to play in helping students graduate, creating a better tomorrow for themselves and their families.
Current WGU employees should submit an internal application before 11/28/2023 to be considered.
The Manager, Security Risk Management is responsible for the management of the Security Risk Management program. This position will need to evaluate and assess security risks to the organization and work with teams and management across multiple functions and departments to develop mitigation strategies. This individual will lead a team of risk management professionals in creating policies, standards, and processes for assessing, analyzing, and reporting security risk as it relates to the confidentiality, integrity, and availability of data. This individual will be responsible for the Security Risk Management program at the university.
Essential Functions and Responsibilities:
Lead the Security Risk Management program.
Under the direction of Senior Information Security leadership, will implement and maintain the Risk Management Framework (RMF) across the university. Will provide recommendations for improvement on the Risk Management Framework and lead team members in implementing recommended changes. Responsible for operational direction of the program.
Lead members of the Risk Management team and other team members within the larger Information Security department. This will include planning and establishing goals and objectives for members of the team and managing individual team member workloads.
Manage day-to-day elements of the budget and provide input into the overall Information Security budget; this may include data to support budget requests or decisions.
Coordinate, supervise, and review the work of team members. Guide and provide on-the-job training to team members.
Monitor performance, coach employees, and help draft performance reviews with input from manager. May recommend hiring, firing, promotion, performance, and rewards decisions. Monitor and communicate program objectives and performance metrics to Senior Information Security leadership to provide insight into the direction and performance of the Risk Management program.
Participate in development of Security Risk Management program and Information Security strategy.
Measure, collect, and report on key Information Security services and risk indicators. Work with IT and business unit management to ensure security initiatives are aligned with business requirements.
Provide guidance and assistance to operational teams to remediate security deficiencies identified in risk assessments.
Be a Risk Management Subject Matter Expert within Information Security and across other departments.
Participate in cross-functional discussions to address and resolve complicated security issues.
Make recommendations to Information Security leadership to grow and mature the program.
Conduct risk assessments, vendor reviews, exception-to-policy reviews, and other risk-related activities related to projects, business growth, and areas of concern within the university.
Knowledge, Skills, and Abilities:
Experience with Risk Management as it relates to Information Security.
Experience with Information Security and privacy principles and controls used to manage risks related to the use, processing, storage, and transmission of information or data.
Ability to understand and translate threats and vulnerabilities to business risk.
Knowledge of risk management best practices and security program development and implementation.
Knowledge of NIST, HIPAA, FERPA, GLBA, ISO, and other regulatory and industry standards.
Good written and oral communication skills with the ability to explain complex security problems to business partners and units.
Excellent analytical, problem-solving, and decision-making skills required.
Solution-driven approach to problems.
Bachelor’s Degree in a related field and 5+ years of Information Security experience.
2+ years of experience leading a team or program.
Experience with Risk Management as it relates to data and / or Information Security.
One or more industry security certifications (CISSP, CISM, or CRISC).
As an equal opportunity employer, WGU recognizes that our strength lies in our people. We are committed to diversity.