Manager - Information Security (Policy Framework and Policy Exception Management)

01 Jun 2024

Vacancy expired!

Aon is looking for a Manager - Information Security (Policy Framework and Policy Exception Management).

About Aon

Aon plc (NYSE: AON) is the leading global provider of risk management, insurance and reinsurance brokerage, and human resources solutions and outsourcing services. Through its more than 66,000 colleagues worldwide, Aon unites to empower results for clients in over 120 countries via innovative and effective risk and people solutions and through industry-leading global resources and technical expertise. Aon has been named repeatedly as the world's best broker, best insurance intermediary, best reinsurance intermediary, best captives' manager, and best employee benefits consulting firm by multiple industry sources. Visit aon.com for more information on Aon and aon.com

Security Risk Management

At Aon, we are taking a much more progressive approach to information security, incorporating it within the fundamental design decisions of technology architecture and governance. Our goal is to evolve Aon's security risk capabilities by integrating security into our technology systems design process and operational delivery. This will greatly accelerate the firm's ability to anticipate and respond to the threat of cyber risk and provide secure platforms for business growth and innovation.

This role can be located in Chicago, New York, Florida, Texas or virtual/hybrid Chicago, New York or Florida, Texas regions.

NB. This is dependent on role and aligns with the in-country smart working policy.

Responsibilities:
  • Enhance Aon's Policy Framework (Policy Structure Review and Update)
  • Enhance and Operationalize Governance Document (Policy, Standard and Procedures) Lifecycle Management Process.
  • Enhance and Operationalize Policy Exception Management Process (Security Exceptions)
  • Prepare and Present Risk Dashboards and Program Level Performance Reporting
  • Enhance and Operationalize Aon's Security Control Framework (Control library Update)
  • Provide Support to IT, Cybersecurity, HR and other groups in implementation of Control Framework in line with information/cyber security management system processes.

Details:
  • Aon Policy Framework Enhancement
    • Periodic review of policy structure that includes alignment of governance documents (Policies, Standards, Procedures, and Security Baselines) with ERM and changing security landscape.
    • Ensure governance documents are well-aligned with the Aon security control library, applicable regulations, and industry standard methodologies.
    • Review security policy exceptions and handle the Aon policy exception lifecycle as per defined Policy Exception Process (PEP).
    • Support internal or external audits and provide responses to client queries/RFP etc.
    • Provide vital support to Aon colleagues pertaining to controls and policy management functions.
    • Provide support to other groups (e.g., Technology, HR) to implement the ERM framework and Policy Structure within Aon.
  • Aon Policy Exception Process (PEP) Operations
    • Responsible for completing the security exception intake, which includes request validation, request completeness, exception risk assessment and reviewer assignment in line with the Policy Structure and Aon control requirements.
    • Handle the exception lifecycle, including regular follow-up or cadence with requestors, reviewers, remediation owners and risk owners.
    • Prepare and disseminate exception reports highlighting key risks (KRIs) and program performance (KPIs).
  • Aon Controls Framework Improvement
    • Identify gaps in policy or the control environment and provide experienced advice on new control and policy requirements.
    • Integrate new laws, statutes, standards, and regulatory requirements into the control framework and support periodic or regular library refresh activities.
    • Enhance Aon's security and technology control library, including control criteria, Defining Risk Asset Hierarchy, Defining Assessment Attributes and Mapping with Policy Framework etc.
    • Update content of Aon's control library to industry recognized standards (COBIT, ISO, NIST, etc.)
    • Alignment with ERM Framework
  • Stakeholder Management:
    • Liaise with global IT leads, internal audit, and other cyber and regulatory functions to discuss the Aon control framework and Policy Framework.

    Skill Requirements:
    • Good knowledge of Policy and Control frameworks and policy exception lifecycle management.
    • Good knowledge and understanding of the interaction between Control, Policy and Risk Frameworks.
    • Sound knowledge of risk management, technical control design and methodologies
    • Good understanding of implementing (developing and maintaining) information/cyber security and technology controls and analyzing or evaluating the associated risks.
    • Advanced knowledge of IT and Security policies
    • Knowledge of risk management processes, including steps and methods for assessing risk
    • Knowledge of SOX, HIPAA, FCA, PII, PCI, SOC 1 & 2, ISO27001 requirements
    • Able to deliver high quality, accurate work within tight deadlines.
    • Knowledge of the organization's enterprise information technology (IT) goals and objectives
    • Strong analytical skills; ability to identify business needs and develop solutions
    • Strong written and verbal English proficiency
    • Excellent engagement and communication skills
    • GRC framework use/design/implementation would be a plus.

    Preferred Qualification:
    • Bachelor's and/or master's degree in Computer Science, Information Systems, Cyber Security or related field
    • Professional certifications like CISM, CRISC, CISA, CISSP would be a plus
    • Professional experience: overall 10+ years of total experience, with 5+ years of core experience in the skill requirements above

    How we support our colleagues

    In addition to our comprehensive benefits package, we encourage a diverse workforce. Plus, our agile, inclusive environment allows you to own your wellbeing and work/life balance, ensuring you can be your best self at Aon. Furthermore, all colleagues enjoy two "Global Wellbeing Days" each year, encouraging you to take time to focus on yourself. We offer a variety of working style solutions, but we also recognize that flexibility goes beyond just the place of work and we are all for it. We call this Smart Working!

    Our continuous learning culture encourages and equips you to learn, share and grow, helping you achieve your fullest potential. As a result, at Aon, you are more connected, more relevant, and more valued.

    Aon values an innovative, diverse workplace where all colleagues feel empowered to be their authentic selves. Aon is proud to be an equal opportunity workplace.

    Aon provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, age, disability, veteran, marital, domestic partner status, or other legally protected status. Aon is committed to a diverse workforce and is an affirmative action employer. People with criminal histories are encouraged to apply.

    We provide individuals with disabilities reasonable accommodations to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment in accordance with applicable law. Please contact us to request an accommodation on

    Nothing in this job description restricts management's right to assign or reassign duties and responsibilities to this job at any time.

    • ID: #42072466
    • State: Illinois Chicago 60601 Chicago USA
    • City: Chicago
    • Salary: USD TBD TBD
    • Job type: Permanent
    • Showed: 2022-06-01
    • Deadline: 2022-07-30
    • Category: Security