The Technical Information Security Leader & Consumer Data Manager is accountable for technical expertise and the implementation of security capabilities, and partners with the Business Information Security Leaders (BISL) to deliver and execute the Information Security strategy choices and projects in the Information Security action plan. The role also carries an extra focus on responsibility for developing consumer data standards and governing compliance.
Background
Robust Information Security governance and controls, including Cyber and related Physical Security controls, are core to P&G's future success. On the one hand, cyber threats continue to evolve, and P&G is not exempt from attacks. On the other hand, consumers are actively seeking relationships with brands that demonstrate the same commitment to privacy and security as they do. This has implications for our overall business model, and P&G leaders up through our Board of Directors are more Information Security aware and concerned than ever before.
Role Responsibilities
- Lead and drive the connection of technical expertise with business needs and with the broader Information Security organization to address those needs.
- Interface across the organization with other teams, such as system operations, infrastructure, auditors and security personnel.
- Manage and coordinate application owners to ensure that implemented information security systems meet the requirements; engage with application managers and execute Application/iRISK vetting and controls verification for applications.
- Coordinate with partners the development and delivery of an information security training and awareness program to meet particular needs, act as P&G Information Security policy and standards ambassador, and contribute to their development as needed.
- Engage and assess security capabilities of critical third parties, including contracts and associated risks profile and security interventions for remediation.
- Use Information Security capabilities as significant solutions and drive First Line of Defense accountability. Use testing results, such as pen testing and vetting tools, as a primary source of data to act on for risk mitigation, gap elimination and vulnerability identification/remediation; actively participate in Information Security Incident Response.
- Conduct identification assessments and work with the business to complete attestation and security reviews on a yearly basis, or more frequently.
- Consumer privacy incident escalation, helping operations resolve incidents that require a higher level of data knowledge and expertise.
- Consumer data retention design and ensuring P&G's compliance with it.
- Working with the Consumer Data Architect in creating consumer data standards and governing compliance.
- Defining consumer data quality/sufficiency measures to become requirements for operational scorecarding and monitoring.
- Consult with the business on the right technical marketing program design to accomplish their strategy.
- Input into end-to-end process and platform improvements for IT consumer data environments.
- Consult on and lead interface setups in the consumer data environment.
- PII data extract approvals for both recurring and ad-hoc extracts, as well as execution of some ad-hoc extracts.
- General consumer database gatekeeper.
- Business unit consulting on consumer data platform functionality.
Qualifications
- Bachelor's degree or above. 35 years of relevant Information Security experience and/or Consumer Data Management, strong risk analysis and problem-solving skills, and project management skills.
- Experience and Subject Matter Expertise with infrastructure, application technologies and Data Management (DAMA), especially Database (MS SQL and Oracle) and Middleware (Webserver, Appserver, and messaging technologies), and/or development of applications with security requirements. Experience with operating systems and network infrastructure is highly desirable.
- Technical skills (Google Analytics/GTM, Data Management Lifecycle)
- Experience with two or more technical information security program areas, including vulnerability assessment, secure server builds, risk assessment, system security, identity and entitlement management and provisioning solutions, incident management or other management field, is preferred. Experience with Information Security controls and ability to manage control practices. Audit experience and exposure is a plus.
- Industry certifications are highly desired, such as Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Microsoft Certified Solutions Associate (MCSA), Cisco Cyber Security Specialist (SCYBER), and Certified Data Management Professional (CDMP).