Nationwide Consultant, IT Risk Mgmt - Information Security Professional in Harleysville, Pennsylvania


*An exciting opportunity to make a significant difference at Nationwide! The successful candidate will primarily be responsible for lowering enterprise risk by providing consulting for Commercial Lines Solutions. The opening resides within the Information Risk Management (IRM) area, inside the Information Security practice. The successful candidate will be responsible for managing risk to an acceptable level for the CLS Business Solution Areas (BSA) through:

  • Engagement in projects and security consulting requests for the BSAs and completing related technical security and control assessments

  • Proactively identifying, consulting, mitigating, and reducing risk

  • Guiding development of solutions to mitigate and/or reduce risk. Partner closely with Architecture, Infrastructure and BSAs to creatively resolve issues as appropriate to their risk profile

  • Thought leadership to improve IRM capability and ensure the Nationwide Information Security Policy is understood and adhered to

  • Leading or deploying security projects & initiatives for IRM

  • Communication of risk posture, security metrics and security issues to the BSA leadership

  • Requires executive presence and managerial courage

  • Become embedded in the IRM and Information Security industries to understand trends

  • Relationship management for BSA for Information Risk Management

  • Evaluate and support the secure movement of business IT Assets into IT

With full competency, conduct risk assessment tests and evaluations on systems and architecture solutions to ensure operation in accordance with information security control requirements and identification of vulnerabilities. Creates and produces complex IT security architecture and engineering solutions to translate user requirements to solutions. The successful candidate will have some of the following characteristics:

  • 8-12 years’ work experience in information security

  • Extensive knowledge of Cybersecurity domains and current threat landscape

  • Demonstrated experience and knowledge of infrastructure (network, operating systems, databases, etc.), identity access management, information protection and application development

  • Experience with and knowledge of quantifying risk, as well as providing examples of using risk assessment thinking and frameworks

  • Experience integrating security functional requirements into existing project life cycle phases, milestones, and deliverables

  • Experience and knowledge with architecture, implementation, operation, and report generation of Cybersecurity tools

  • Cloud computing and mobile security experience is a plus

  • Knowledge of and ability to assess compliance to security controls/best practices

  • Demonstrated experience with relationship building, ability to influence without authority, communication and presentation skills are critical

  • Experience in regulatory, audit and continuity management is a plus

  • PCI experience is a plus

  • CISSP and/or SANS certifications preferred

  • Undergraduate degree in Computer Science, Mathematics or Engineering fields preferred

  • Financial or Insurance business acumen

This position will be based in Nationwide’s Harleysville office.*

JOB SUMMARY: Serves as an expert in a specific aspect of information risk management. Undertakes the most complex projects requiring additional specialized technical and/or business knowledge. Makes well-thought-out decisions on the most complex or ambiguous information risk management issues. Provides mitigation solution oversight and direction for enterprise-wide risk technology. Ensures high-level integration of applications and business processes with information risk management policies and strategies. Identifies, evaluates, conducts, schedules and leads analysis functions to ensure all applicable information risk requirements are met. Provides analysis of requirements necessary to ensure the confidentiality, availability and integrity of information where it is processed, stored, or transmitted by the business and IT systems while balancing performance and cost factors calculated into solutions/recommendations.

REPORTING RELATIONSHIPS: Reports to: Manager/Director

CORE DUTIES AND RESPONSIBILITIES:

1. Serves as a technical expert in one or more aspects of information risk for a business segment or function to ensure the protection of information processed, stored or transmitted and availability of business processes.

2. Consults on complex information risk management projects. Serves as an expert in the planning, engineering, development, implementation and administration of information risk systems through the use of controls, procedures, measurements and strategies to prevent unauthorized access, modification, disclosure, misuse, manipulation, or destruction of systems, networks, applications and data.

3. Provides technical consulting efforts towards the development and implementation of information risk strategies in alignment with their respective business unit and IT initiatives. Assists in the development and implementation of information risk policies, procedures, processes and programs to ensure availability, confidentiality, integrity, authentication and nonrepudiation.

4. Consults on one or more highly specialized phases of information risk management, which may include hardware/software testing and evaluation, information risk education and awareness, incident response, policy and standards development, risk assessment and mitigation solutioning. Responsibilities include developing solutions for use within an enterprise environment as well as application & business specific needs. The consultant is responsible for examining and delivering the strategies and architecture that can be leveraged from a functionality and cost value perspective.

5. Provides vision, expertise and technology-based solutions for long range planning in the area of information risk management. Viewed as an expert in information risk management.

6. Assists in the establishment of the overall framework for the protection of Nationwide information assets through architecture, policies, standards, risk assessments, monitoring, certification and technology.

7. Tests and evaluates the most complex business processes and/or IT systems to ensure operation in accordance with information risk management requirements. Defines and implements information risk management requirements in alignment with the overall business plan.

8. Provides mitigation solution oversight and direction for enterprise-wide information risk management technology. Assists in long-term strategic planning activities for the development and implementation of IS risk architecture and technology guidelines.

9. Undertakes complex information risk projects involving multiple disciplines and may impact multiple business units. Responsible for the selection, direction and performance of information risk management projects. Responsible for change management, configuration management, performance analysis, physical planning, national vendor management, inventory control, technical standards, procedures, and product evaluations.

10. Acts as a source of direction, training, and guidance for less experienced staff. Monitors project schedules and costs.

11. Performs other duties as assigned.

MINIMUM JOB REQUIREMENTS:

Education: Undergraduate studies in computer science, management information systems, or related field is strongly preferred. Graduate studies in a technical or business discipline is preferred.

Knowledge: Must have thorough knowledge in risk components, principles, procedures and practices. Must have proven knowledge in information controls and audit methodology for business systems and data processing environments. Must have a broad knowledge in information technology and risk trends. Must have an in-depth understanding in insurance and financial services business models and operations. Demonstrated knowledge of project management concepts and techniques required.

Certification/Designation: (See role guide)

Experience: Eight years of progressive work experience in information risk and/or information systems audit. Three years of experience in project management is preferred.

Skills: Must have the ability to conduct the most complex risk operations, risk assessment, and/or engineering projects. Must have the ability to develop and implement strategies and make risk recommendations to management. Must have the ability to assist in the development and implementation of risk processes, procedures, and programs. Must possess project leadership capabilities. Must be able to interpret the most complex information risk issues and present recommendations to management. Must have strong project and process management skills. Must have excellent verbal and written communication skills to interact with all levels of staff, management (executives and Board of Directors), and external sources.

Values: Regularly and consistently demonstrates the Nationwide Values and Guiding Behaviors.

Staffing Exceptions: Staffing exceptions to the above minimum job requirements must be approved by the: Vice President and Human Resources.

JOB CONDITIONS:

Overtime Eligibility (FLSA): Not Eligible (exempt)

Working Conditions: Normal office environment. Nonstandard and/or extended work hours as required.

ADA: The above statements cover what are generally believed to be the principal and essential functions of this job. Specific circumstances may allow or require some associates assigned to the job to perform a somewhat different combination of duties.

Job Evaluation Activity: Created April 2010 JDC/JL

Job Family/Function: MIS/TRM