Aon is looking for Manager - Information Security (Policy Framework and Policy Exception Management)

About Aon

Aon plc (NYSE: AON) is the leading global provider of risk management, insurance and reinsurance brokerage, and human resources solutions and outsourcing services. Through its more than 66,000 colleagues worldwide, Aon unites to empower results for clients in over 120 countries via innovative and effective risk and people solutions and through industry-leading global resources and technical expertise. Aon has been named repeatedly as the world's best broker, best insurance intermediary, best reinsurance intermediary, best captives' manager, and best employee benefits consulting firm by multiple industry sources. Visit aon.com for more information on Aon.

Security Risk Management

At Aon, we are taking a much more progressive approach to information security, incorporating it within the fundamental design decisions of technology architecture and governance. Our goal is to evolve Aon's security risk capabilities by integrating security into our technology systems design process and operational delivery. This will greatly accelerate the firm's ability to anticipate and respond to the threat of cyber risk and provide secure platforms for business growth and innovation.

This role can be located in Chicago, New York, Florida or Texas, or virtual/hybrid in the Chicago, New York, Florida or Texas regions. NB: this is dependent on role and aligns with the in-country smart working policy.

Responsibilities:
- Enhance Aon's Policy Framework (Policy Structure Review and Update)
- Enhance and operationalize the Governance Document (Policy, Standard and Procedure) Lifecycle Management Process.
- Enhance and Operationalize Policy Exception Management Process (Security Exceptions)
- Prepare and Present Risk Dashboards and Program Level Performance Reporting
- Enhance and Operationalize Aon's Security Control Framework (Control library Update)
- Provide Support to IT, Cybersecurity, HR and other groups in implementation of Control Framework in line with information/cyber security management system processes.
- Periodic review of policy structure that includes alignment of governance documents (Policies, Standards, Procedures, and Security Baselines) with ERM and changing security landscape.
- Ensure governance documents are well-aligned with the Aon security control library, applicable regulations, and industry standard methodologies.
- Review security policy exceptions and handle the Aon policy exception lifecycle as per defined Policy Exception Process (PEP).
- Support internal or external audits and provide responses to client queries, RFPs, etc.
- Provide vital support to Aon colleagues pertaining to controls and policy management functions.
- Provide support to other groups (e.g., Technology, HR) to implement the ERM framework and Policy Structure within Aon.
- Responsible for completing the security exception intake, which includes request validation, request completeness, exception risk assessment and reviewer assignment in line with the Policy Structure and Aon control requirements.
- Handle exception lifecycle, regular follow-up or cadence with requestors, reviewers, remediation owners and risk owners.
- Prepare and disseminate exception reports highlighting Key Risk Indicators (KRIs) and program performance (KPIs).
- Identify gaps in policy or the control environment and provide experienced advice on new control and policy requirements.
- Integrate new laws, statutes, standards, and regulatory requirements into the control framework and support periodic or regular library refresh activities.
- Enhance Aon's security and technology control library, including control criteria, Defining Risk Asset Hierarchy, Defining Assessment Attributes and Mapping with Policy Framework etc.
- Update content of Aon's control library to industry-recognized standards (COBIT, ISO, NIST, etc.)
- Align with the ERM Framework
- Liaise with global IT leads, internal audit, and other cyber and regulatory functions to discuss the Aon control framework and Policy Framework

Requirements:
- Good knowledge of Policy and Control frameworks; Policy exception lifecycle management.
- Good Knowledge and understanding of interaction between Control, Policy and Risk Framework.
- Sound knowledge of risk management, technical control design and methodologies
- Good understanding of implementing (develop & maintain) information/cyber security and technology Controls and analyzing or evaluating the associated Risks.
- Advanced knowledge of IT and security policies
- Knowledge of risk management processes, including steps and methods for assessing risk
- Knowledge of SOX, HIPAA, FCA, PII, PCI, SOC 1 & 2, and ISO 27001 requirements
- Able to deliver high quality, accurate work within tight deadlines.
- Knowledge of the organization's enterprise information technology (IT) goals and objectives
- Strong Analytical Skills, Ability to identify business needs and develop solutions
- Strong Written and verbal English proficiency
- Excellent engagement and communications skills
- GRC framework use/design/implementation would be a plus.
- Bachelor's and/or master's degree in Computer Science, Information Systems, Cyber Security or related field
- Professional certifications like CISM, CRISC, CISA, CISSP would be a plus
- Professional experience: overall 10+ years of total experience, with 5+ years of core experience in the skill requirements above