Senior Director, Information Security and Compliance

Company: John Wiley & Sons, Inc.
Location: Hoboken
Posted on: October 12, 2024

Job Description:

Location: Hoboken, NJ
Our mission is to unlock human potential. We welcome you for who you are, the background you bring, and we embrace individuals who get excited about learning. Bring your experiences, your perspectives, and your passion; it's in our differences that we empower the way the world learns.
The Senior Director of Information Security and Compliance develops and implements comprehensive strategies, policies, and procedures to identify and mitigate risks, ensure compliance with industry regulations, and respond effectively to security incidents.
This role manages a global team accountable for safeguarding the confidentiality, integrity and availability of Wiley's intellectual property and technology products. This includes the management and oversight of the following functional areas: Security Architecture/Strategy, Security Operation Center, Security Engineering, IAM, Application Security, Governance, Risk, Compliance and the eCommerce/Fraud teams.
How you will make an impact:

• 
  
• Function as the IT liaison with senior leaders and Internal/External auditors and consultants on Information Security and regulatory compliance engagements.
  
• Identify, prioritize and implement security strategy, initiatives, establish security goals, and create a roadmap for their implementation that is aligned with Wiley's objectives.
  
• Determine, develop, maintain, and publish corporate-level information security policies, standards, procedures, and guidelines, including incident response and compliance reporting procedures.
  
• Manage a cost-efficient and high performing information security organization, consisting of direct reports and dotted line reports. This includes hiring (and conducting background checks), training, staff development, performance management and annual performance reviews.
  
• Manage the design, implementation, and maintenance of WILEY's Information Technology Compliance Programs (SOX, PCI, eCommerce and Fraud Analytics).
  
• Identify, assess and report on risks, practice and projects to stakeholders across the organization.
  
• Lead regular risk assessments to identify and evaluate potential security threats and vulnerabilities.
  
• Identify vulnerabilities and security weaknesses across the enterprise and drive the resolution and mitigation of found errors/incidents enterprise wide.
  
• Work cross functionally with other departments to implement architectures for systems, networks, and applications. Assist peer managers in understanding security and control deficiencies and responding to internal and external audit reports.
  
• Develop and maintain appropriate security access control for WILEY's information systems, including cloud and on-premise solutions such as WILEY's global environment, i.e., SAP, Workday, and other modules as implemented.
  
• Create and manage a targeted information security awareness training program for all employees, contractors and approved system users, and establish metrics to measure the effectiveness of this security training program for the different audiences.
  
• Develop our Security Incident Response Plan and lead security incident remediation with related cross functional teams. Supervise all investigations relating to security threats, legal discovery, and violation of WILEY security policies and provide on-going communication with senior management.
  
• Work with product teams to incorporate security and privacy by design into our products/services.
  
• Engage in tabletop scenarios, penetration studies, threat analysis, vulnerability assessments, and security audit activities to ensure IT controls and security are effective.
  
• Build and report information security metrics that enable executive leadership to effectively assess performance of security program, controls, risk management, risk mitigation and justify technology investments.
  
• Establish and maintain third-party vendor risk assessment program, including attestations such as SOC Reports, SIG/SIG Lites, HECVAT and similar questionnaires and assessment documentation. Conduct security reviews of potential third-party providers / acquisition targets.
  
• Accountable for monitoring emerging threats and security practices and recommending changes to security / compliance programs as needed. Maintains strong relationships with industry peers, partners, vendors, external agencies, and regulatory bodies.
  
• Provides exceptional customer service experience to internal business partners.
  
  What we look for:
  
  • 
    
  • Expert knowledge of Cyber/Information Security and compliance. Specifically in the areas of security architectures and associated technologies, security operation centers, security engineering, identity governance and administration/identity and access management (IGA/IAM), privilege access management (PAM), application security, governance, risk, compliance (GRC) and eCommerce fraud prevention.
    
  • Working knowledge of cybersecurity technologies covering a global digital ecosystem.
    
  • Direct global leadership experience (ideally in a matrix environment), as well as managing external resources.
    
  • Bachelor degree strongly preferred in Information Security or equivalent. Master degree desirable.
    
  • Has had the opportunity to implement information security strategies, policies, and procedures, ideally in a larger organization / enterprise wide.
    
  • Identifies and measures global information security (GIS) controls on critical business processes or channels.
    
  • Previous senior leadership exposure / comfortable engaging with senior level stakeholders.
    
  • Strategic prowess and ability to see the big picture organizationally; ability to adapt accordingly.
    
  • Strong relationship development skills.
    
  • Self-motivated, ability to work collaboratively across the organization and various domains.
    
  • Solid analytical skills with the ability to solve problems and develop creative solutions.
    
  • Strong organization, problem solving, and presentation skills.
    
  • Excellent communication and interpersonal skills.
    
  • Strong leadership, team management, and negotiation skills.
    
    About Wiley:
    Enabling Discovery, Powering Education, Shaping Workforces. We clear the way for seekers of knowledge: illuminating the path forward for research and education, tearing down barriers to society's advancement, and giving seekers the help they need to turn their steps into strides.
    Wiley may have been founded over two centuries ago, but our secret to success remains the same: our people. We are willing to challenge the status quo, move the needle, and be innovative. Wiley's headquarters are in Hoboken, New Jersey, with operations across the globe in more than 40 countries.
    Wiley is an equal opportunity/affirmative action employer. We evaluate all qualified applicants and treat all qualified applicants and employees without regard to race, color, religion, sex, sexual orientation, gender identity or expression, national origin, disability, protected veteran status, genetic information, or based on any individual's status in any group or class protected by applicable federal, state or local laws. Wiley is also committed to providing reasonable accommodation to applicants and employees with disabilities. Applicants who require accommodation to participate in the job application process may contact tasupport@wiley.com for assistance.
    We are proud that our workplace promotes continual learning and internal mobility. Our values support courageous teammates, needle movers and learning champions all while striving to support the health and well-being of all employees, for example we offer meeting-free Friday afternoons allowing more time for heads down work and professional development.
    We are committed to fair, transparent pay, and we strive to provide competitive compensation in addition to a comprehensive benefits package. This range represents Wiley's good faith and reasonable estimate of the base pay for this role at the time of posting. It is anticipated that most qualified candidates will fall within the range, however the ultimate salary offered for this role may be higher or lower and will be set based on a variety of non-discriminatory factors, including but not limited to, geographic location, skills, and competencies.
    #LI-JG1
    #J-18808-Ljbffr

Keywords: John Wiley & Sons, Inc., White Plains , Senior Director, Information Security and Compliance, Executive , Hoboken, New York