Volkswagen Group Services GmbH
Sr Mgr, Information Security & IT GRC
Volkswagen Group Services GmbH, Reston, Virginia, United States, 22090
Volkswagen Financial Services, a wholly‑owned subsidiary of Volkswagen Group, is the trusted key to mobility for its brand partners. We are committed to supporting the Audi, Ducati, and Volkswagen brands and their Dealers, specializing in providing accessible mobility solutions for its Customers. The company’s offerings include Retail Leasing, Retail Financing, Commercial Financing for new and used vehicles, and End‑of‑Term vehicle disposition.
Brief Role Description
This position is Career Level 30L and is Home Based, with a Role Classification of Fully Remote.
Role Summary
The Sr. Manager of Information Security and IT GRC (Governance, Risk and Compliance) serves in a critical and influential leadership position responsible for the planning, oversight and management of the Information Security Program to protect the confidentiality, integrity and availability of corporate and client information. The IT GRC Sr. Manager is responsible for directly managing the enterprise‑wide IT GRC team and makes strategic risk‑based decisions enabling the achievement of business objectives and operational excellence. Leads the team that builds and deploys common governance, risk, and compliance processes and controls, conducts audits, and ensures that technologies and business operations are structured and configured for data protection and compliance. Reporting directly to the CISO and functioning as Deputy CISO, this role owns and maintains the IT compliance program, technology risk assessment program, data governance program, cyber awareness training program, business continuity and disaster recovery program and third‑party risk program.
Responsibilities within this Role
Leadership and Management
Oversee all activities that address technological governance, risk and compliance
Understand, advocate and communicate company objectives, vision and strategy to staff to ensure contribution towards achieving VCI’s goals
Develop productive relationships with Business Unit leaders across the organization to influence how applications/technology solutions can enable new sources of value
Establish and monitor individual team member objectives and competencies in alignment with Talent Management practices
Information Security and IT GRC Strategy and Delivery
Design and develop the enterprise Governance, Risk and Compliance strategy and roadmap that cost‑effectively meets the needs of the business as a whole
Oversee and mentor front line managers leading risk assessment processes using internal VW Group and industry standard frameworks and regulatory requirements including ITMS, ITSP2, GISP, NIST CSF, NYDFS, GLBA, FFIEC, CCPA, Quebec Privacy and Financial Services and US and Canadian Privacy Guidelines for FinTech Companies
Data Governance:
Work with stakeholders to ensure data governance activities are effectively carried out and act as a principal stakeholder on data governance committees and working groups
IT Compliance:
Oversee the team to facilitate and manage Internal and External Audits, including supporting the Business Units with gathering of evidence and coordination of on‑site examinations
Direct the IT GRC team to conduct ongoing relationships with information and business owners on security issues and practices, monitoring compliance, and preparing and enforcing policies
Vendor & Third-Party Risk:
Maintain compliance reporting program and remediation tracking team to convey and influence compliance status of all relevant vendor and third‑party relationships
Business Continuity & Disaster Recovery:
Develop detailed and holistic incident response plans which include training and exercising developed plans, implementing the use of technology for emergency use and ensuring partnership with internal and external partners
Validate IT key systems and services to identify continuity risks, analyze root causes and trends in potential control weaknesses; suggest new controls to meet requirements where applicable
Lead collaboration with internal teams to incorporate targeted security centered communications for various platforms and topics
Assist in the promotion of a compliance culture that encourages an “open door” policy for staff to seek clarification on compliance matters.
Budgeting, Finance and Administration
Responsible for the day-to-day management of the IT GRC products and services including staffing, budgeting and other relevant management functions — and is required to hold each risk and compliance delivery team accountable for optimizing the cost, risk and value of solutions and products throughout the product life cycle
Qualification requirements
12+ years of experience in governance, risk and compliance with responsibility of a $5M budget or greater
7+ years of experience in management role, managing a high performing team of employees in Information Security Risk and Compliance frameworks, such as SOX‑ITGC, PCI, ISO 27001/27002, NIST CSF, GDPR, CCPA, etc., for financial services or similarly regulated industries
Required Education:
B.S. in Information Technology, Computer Science (or related field)
Required Skills:
Proven ability to lead and direct risk project teams in both traditional and agile development methodologies (XP, CI/CD, TDD, SAFe Agile)
Strong knowledge and experience in all facets of risk management; able to articulate how it applies to business
Strong background in third party risk management
Knowledge of agile and secure software development lifecycle processes and collaboration tools
Knowledge of effective cyber education, awareness and training
Volkswagen Financial Services is an Equal Opportunity Employer. We welcome and encourage applicants from all backgrounds, and do not discriminate based on race, sex, age, disability, sexual orientation, national origin, religion, color, gender identity/expression, marital status, veteran status, or any other characteristics protected by applicable laws.
This role description is a guideline and does not create contractual rights between the Company and any of its applicants. The Company does not enter into any type of employment contract, implied or written, with its applicants regarding job security.
This Organization participates in E‑Verify. We maintain a drug‑free workplace and perform pre‑employment substance abuse testing.
We are the key to mobility - become a part of this exciting journey now! Discover a variety of tasks and new challenges. Together we will implement exciting projects and reshape the future of mobility.
In case of further inquiry please provide the Job‑ID as reference number.
#J-18808-Ljbffr