IT Security Associate Director - Security Governance Lead

Hybrid Locations: USA-NY-New York-Liberty St, USA-CO-Denver-South Syracuse St, USA-DE-Wilmington-Orange St, USA-FL-Tampa-West Boy Scout Blvd, USA-GA-Kennesaw-Chastain Meadows Ct NW, USA-IL-Chicago-West Adams St, USA-MA-Waltham-Third Ave, USA-MD-Baltimore-West Pratt Street, USA-PA-Philadelphia-Market St, USA-TX-Austin-Brazos St, USA-TX-Coppell-Rombauer Rd, USA-TX-Houston-Allen Pkw

Wolters Kluwer is looking for an accomplished and experienced IT Security Associate Director - Security Governance Lead to join our Strategic Security Services team within Global Information Security. This critical role will oversee and improve our global IT & Cybersecurity Governance, Risk, Regulatory Change, Metrics, and Reporting functions. You will have expertise in governance, risk management, and compliance, with experience navigating multiple security frameworks, leading complex technical programs, and advancing IT risk and control capabilities. The IT Security Associate Director will report to the head of Strategic Security Services.

Key Responsibilities:

• Lead comprehensive cybersecurity governance, risk management, and compliance projects.

• Develop and refine policies, standards, and procedures to ensure understanding of main control frameworks.

• Monitor and anticipate regulatory changes, promoting knowledge sharing, readiness analysis, and compliance reporting.

• Establish and maintain cybersecurity metrics, KPIs, and KRIs for senior leadership and both technical and non-technical partners.

• Serve as a liaison between senior leadership and technical teams, effectively translating complex security issues into strategic business risks and objectives.

• Promote the development and implementation of a Common Controls Framework for IT & Security risk management, aligned with sources such as NIST 800-53, NIST CSF, ISO 27001, DORA, GDPR, PCI DSS, and others.

• Provide expert guidance to enhance critical IT Risk management capabilities, including control taxonomy development, GRC tool deployment, and the expansion and maturation of risk treatment programs.

• Analyze cross-functional security indicators to identify thematic risks and trends and contribute to the formulation of both annual and multi-year strategies that balance business needs and industry best practices.

• Support delivery of technical programs spanning Identity and Access Management (IGA/CIEM/Privileged Access), Security Operations, Application Security, Cloud Security, and other security domains.

• Provide risk-based consultative feedback and identify technical issues across main technology and security domains.

Required Skills

• Extensive knowledge and practical experience with security frameworks and compliance requirements.

• Proven leadership experience in managing teams and/or program delivery.

• Strong expertise in cybersecurity governance, risk management, and IT audit processes.

• Comprehensive experience with risk assessment, control development, control testing, and operational risk management practices.

• Strong background with key technical domains, capabilities, concepts, and broad operating environments including but not limited to; Identity and Access Management, Cloud Security, Cyber Operations, Threat Intelligence, Vulnerability Management, (ex. IGA, CIEM, CSPM, AI-SPM, DSPM, JIT, PAM), and Hybrid Cloud environments.

• Exposure to emerging technologies and future-state threats and experience developing strategies and capabilities to mitigate them (ex. Post Quantum, Generative AI).

• Experience working with and/or managing contractors / third-party providers as well as experience drafting and reviewing RFPs and responses.

• Experience building programs and capabilities based on leading-edge controls frameworks, standards, and methodologies (FedRamp, HITRUST, OWASP, MITRE etc.).

• Demonstrated ability to develop, implement, and manage security policies, standards, and metrics.

• Experience with presenting to senior executives, regulators, and non-technical stakeholders.

• Excellent communication skills, with the ability to distill technical issues into clear and actionable business risks.

• Preferred certifications: CISA, CISSP, CRISC, CISM, CEH, CCNA, etc.

• Written, oral, and presentation skills.

• Strategic thinker with a demonstrated ability to manage and deliver complex projects and programs independently.

• Strong influencing skills, capable of driving change and executing sophisticated strategies.

Qualifications:

• Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or a related field.

• At least 7+ years of experience in cybersecurity, risk management, IT governance, and regulatory compliance.

• 5+ years of experience developing control frameworks and working with technology teams to implement technical controls guidelines and solutions.

• Experience with highly regulated industries is required, experience within highly regulated industries is preferred.

Benefits:

Diversity Matters

Wolters Kluwer strives for an inclusive company culture in which we attract, develop, and retain diverse talent to achieve our strategy. As a global company, having a diverse workforce is of the utmost importance. We've been recognized by employees as a European Diversity Leader in the Financial Times, as one of Forbes America’s Best Employers for Diversity in 2022, 2021 and 2020 and as one of Forbes America’s Best Employers for Women in 2021, 2020, 2019 and 2018. In 2020, we placed third in the Female Board Index, and were recognized by the European Women on Boards Gender Diversity Index. Wolters Kluwer and all of our subsidiaries, divisions and customer/departments is an Equal Opportunity / Affirmative Action employer

Compensation:

Additional Information:

Wolters Kluwer offers a wide variety of competitive benefits and programs to help meet your needs and balance your work and personal life, including but not limited to: Medical, Dental, & Vision Plans, 401(k), FSA/HSA, Commuter Benefits, Tuition Assistance Plan, Vacation and Sick Time, and Paid Parental Leave. Full details of our benefits are available upon request.