IT Security Associate Director, Compliance

10 Minutes ago • 14 Years + • Cyber Security

Job Summary

Job Description

This is an amazing opportunity for an Associate Director of Compliance and Assurance within Wolters Kluwer Global Business Services. The role involves managing the Compliance and Assurance program, driving efforts for successful Authority to Operate (ATO) or self-attestation outcomes for various standards like FedRAMP, GovRAMP, and NIST. The Associate Director will oversee a team of four professionals, proactively work with SMEs to design and document controls, and ensure all documentation meets required standards. Extensive experience in financial services, health, and legal industry regulations is essential.
Must have:
  • Responsible for ensuring technical requirements are well understood, and controls are designed to operate effectively to maintain ongoing compliance.
  • Serve as the technical compliance subject matter expert (SME) in providing guidance to the IT and Business team on compliance solutions.
  • Escalate issues to the appropriate level of management as necessary and ensure appropriate remediation is implemented.
  • Develop and maintain assessment templates for executing reviews and baseline of the company security compliance status.
  • Collaborate with peers across IT and business teams to align compliance strategies with organizational goals.
  • Evaluate compliance risks in business operations and provide recommendations based on risk and impact.
  • Ensure appropriate metrics are measured for the effectiveness of the security compliance program.
  • Research solutions for complex business and technical processes and provide options to management for decision.
  • Educate control owners and business partners on RAMP / NIST requirements.
  • Ensure controls are properly defined, assigned to owners, and integrated into the compliance and assurance work program.
  • Collaborate with technical operations and engineering teams to ensure appropriate controls are implemented.
  • Conduct gap analyses to identify areas that require attention.
  • Engage closely with control owners associated with the Products to prepare for potential audits.
  • Coordinate with internal and external auditors to ensure all assessments are executed smoothly.
  • Review audit findings and work with relevant departments to address identified gaps and vulnerabilities.
  • Develop an assessment schedule that aligns with business needs and regulatory requirements.
  • Provide the Director of Compliance and Assurance with insight into authorizations, attestations, and audit outcomes and implications.
  • Ensure assessment reports are thoroughly documented and securely stored for future reference.
  • Consolidate data from projects and various activities performed by the Compliance and Assurance function into a holistic view for management reporting.
  • Develop and present weekly and monthly reports to the Director of Compliance and Assurance.
  • Analyze trends in observations from external audits, authorizations, internal assessments, and other sources of issues.
  • Customize reports for different assessments from the teams and report to the Director of Compliance and Assurance.
  • Ensure timely communication of critical gaps identified from audits, assessments, attestations, etc. to management.
  • Create audit / authorization / assessment plans as required for different regulatory or standards needs.
  • Assist in recruiting, training, and mentoring team members.
  • Assign tasks based on the strengths and expertise of individual team members.
  • Evaluate projects and team performance through KPIs and other metrics.
  • Promote security relationships between internal resources and external entities.
  • Bachelor’s or master’s degree in information system management, Computer Science, Cybersecurity, Risk Management or equivalent.
  • 14+ years in-depth knowledge and experience of compliance and audit with FedRAMP, GovRAMP, NIST security frameworks, U.S. federal laws / regulations, U.S. state laws and regulations.
  • Domestic travel less than 25% of work time.
  • Ability to travel independently.
  • Ability to travel by air.
Good to have:
  • A master’s degree in business administration is a plus.
  • Prior project management certification a plus.
Perks:
  • Comprehensive benefits package that begins your first day of employment.
  • Medical, Dental, & Vision Plans.
  • 401(k).
  • FSA/HSA.
  • Commuter Benefits.
  • Tuition Assistance Plan.
  • Vacation and Sick Time.
  • Paid Parental Leave.

Job Details

We have an amazing opportunity for an Associate Director of Compliance and Assurance, available within our Global Business Services division! Wolters Kluwer Global Business Services (GBS) is designed to provide services to the business units in the areas of technology, sourcing, procurement, legal, finance, and human resources. These global centers promote team collaboration using the best practices around a specific focus area to drive results and enhance operational efficiencies. There is a constant endeavor to benchmark against best-in-class industry standards to improve the quality of deliverables, increase cost savings, enhance productivity, and reduce time to market for products and applications. The Associate Director will be working with a team to manage our Compliance and Assurance program that helps our Divisions and Business Units in their efforts towards achieving self- or third-party attestation or authorization, such as FedRAMP, GovRAMP, NIST 800-53, NIST 800-171, and others, as business needs dictate.

The Associate Director will drive the efforts with both internal project teams as well as internal / external groups to ensure successful Authority to Operate (ATO) or self-attestation outcomes for any Wolters Kluwer asset(s) pursuing these attestations or authorizations. In addition to the pursuit of these attestations / authorizations, the Associate Director will oversee the responsibilities of four professionals dedicated to supporting RAMP / NIST authorizations and assessments for Wolters Kluwer’s businesses. The Associate Director will work proactively with internal Subject Matter Experts (SMEs) to design, build, and document FedRAMP / GovRAMP / NIST controls, processes, and procedures that would not only resolve the findings / observations identified from the current authorizations / assessments but would also prevent future reoccurrence.

The Associate Director will be accountable to ensure that all documentation meets FedRAMP / GovRAMP / NIST standards. The Associate Director must have extensive experience in regulations and standards from the Financial Services, Health, and Legal industries to assist WK internal teams in interpreting the requirements from these sectors, as well as provide control guidance on how to meet the obligations of the requirements from these Regulations and Standards. The Associate Director must have and will be required to maintain a deep understanding of U.S. federal government and state government direction and policies especially as it relates to cybersecurity. The Associate Director is expected to have and maintain extensive knowledge of FedRAMP, GovRAMP, DoD Cloud SRG, NIST 800-53 and related publications, FISMA, FIPS standards, and technical / operational requirements.

Essential Duties and Specific Responsibilities:

Project Execution Responsibilities:

  • Responsible for ensuring that technical requirements are well understood, and controls are designed to operate effectively to maintain ongoing compliance.
  • Serve as the technical compliance subject matter expert (SME) in providing guidance to the IT and Business team on compliance solutions.
  • Escalate issues to the appropriate level of management as necessary and ensure appropriate remediation is implemented and prevents the reoccurrence of the issue.
  • Responsible for developing and maintaining assessment templates for executing reviews and baseline of the company security compliance status.
  • Collaborate with peers across IT and business teams to align compliance strategies with organizational goals.
  • Evaluating compliance risks in business operations and providing recommendations based on risk and impact to the overall business.
  • Ensure the appropriate metrics are measured for the effectiveness of the security compliance program.

Compliance Oversight and Responsibilities:

  • Research solutions for complex business and technical processes and provide options to management for decision.
  • Educating control owners and business partners on RAMP / NIST requirements.
  • Ensuring that controls are properly defined, assigned to owners, and are integrated into the compliance and assurance work program.
  • Collaborate with technical operations and engineering teams to ensure that appropriate controls are implemented to meet the objectives of the specified requirements.
  • Conduct gap analyses to identify areas that require attention, including security measures implemented to address cyber threats.
  • Engage closely with control owners associated with the Products to prepare for potential audits and legal or regulatory requirements related to compliance.

Third-Party Assurance Management Responsibilities:

  • Coordinates with internal and external auditors to ensure that all assessments are executed smoothly.
  • Reviews audit findings and works with relevant departments to address identified gaps and vulnerabilities.
  • Develop an assessment schedule that aligns with business needs and regulatory requirements.
  • Provides the Director of Compliance and Assurance with insight into authorizations, attestations, and audit outcomes and implications.
  • Ensure that assessment reports are thoroughly documented and securely stored for future reference.

Accurate and Timely Reporting Responsibilities:

  • Consolidating data from projects and various activities performed by the Compliance and Assurance function across the organization into a holistic view for management reporting.
  • Developing and presenting weekly and monthly reports to the Director of Compliance and Assurance, outlining achievements, challenges, and plans.
  • Analyzing trends in observations from external audits, authorizations, internal assessments, and other sources of issues to inform and influence mitigation and remediation strategies.
  • Customizing reports for different assessments from the teams and reporting to the Director of Compliance and Assurance.
  • Ensuring the timely communication of critical gaps identified from audits, assessments, attestations, etc. to management.

Leadership Responsibilities:

  • Creating audit / authorization / assessment plans as required for different regulatory or standards needs.
  • Assist in recruiting, training, and mentoring team members to ensure they are aligned with the Compliance and Assurance function’s goals.
  • Assign tasks based on the strengths and expertise of individual team members.
  • Evaluating projects and team performance through KPIs and other metrics.
  • Promoting security relationships between internal resources and external entities, including government, vendors, and partner organizations, within the boundaries of applicable WK policy and regulatory requirements.

JOB QUALIFICATIONS

Required Qualifications/Experience:

  • Bachelor’s or master’s degree in information system management, Computer Science, Cybersecurity, Risk Management or equivalent. A master’s degree in business administration is a plus.
  • Proven project / program management experience. Prior project management certification a plus.
  • Proven workflow / process management experience.
  • 14+ years in-depth knowledge and experience of compliance and audit with FedRAMP, GovRAMP, NIST security frameworks, U.S. federal laws / regulations, U.S. state laws and regulations.

Travel requirements:

  • Domestic travel less than 25% of work time
  • Ability to travel independently
  • Ability to travel by air

Benefits:

A comprehensive benefits package that begins your first day of employment. Additional Information: Wolters Kluwer offers great benefits and programs to help meet your needs and balance your work and personal life, including Medical, Dental, & Vision Plans, 401(k), FSA/HSA, Commuter Benefits, Tuition Assistance Plan, Vacation and Sick Time, and Paid Parental Leave. Full details of our benefits are available at https://www.mywolterskluwerbenefits.com/index.html

Applicants may be required to appear onsite at a Wolters Kluwer office as part of the recruitment process.

About The Company

Wolters Kluwer (EURONEXT: WKL) is a global leader in professional information, software solutions, and services for the healthcare, tax and accounting, financial and corporate compliance, legal and regulatory, and corporate performance and ESG sectors. We help our customers make critical decisions every day by providing expert solutions that combine deep domain knowledge with specialized technology and services.

Wolters Kluwer reported 2022 annual revenues of €5.5 billion. The group serves customers in over 180 countries, maintains operations in over 40 countries, and employs approximately 20,000 people worldwide. The company is headquartered in Alphen aan den Rijn, the Netherlands.

Leuven, Flanders, Belgium (Hybrid)

New York, New York, United States (Hybrid)

Porto, Porto District, Portugal (Hybrid)

Wilmington, Delaware, United States (Hybrid)

Coppell, Texas, United States (Hybrid)

Clayton, Missouri, United States (Hybrid)

Phoenix, Arizona, United States (Hybrid)

Melbourne, Victoria, Australia (Hybrid)

Cluj-Napoca, Cluj County, Romania (Remote)
