We’re the obstacle overcomers, the problem get-arounders. From figuring it out to getting it done… our innovative culture demands “yes and how!” We are UPS. We are the United Problem Solvers.
The Information Security and Privacy Manager provides guidance, leads, and performs a broad range of complex technical and professional work activities to identify, investigate, analyze, and remediate information security risks. This position advises on best practices, effectiveness of security controls, risk management and control gaps, process improvements, and solutions through security governance processes. He/She monitors Information Technology security controls and service continuity to protect enterprise and information assets. This position collaborates with colleagues and stakeholders to develop secure business solutions. He/She provides training for colleagues, oversees work, allocates resources, and maintains knowledge on emerging technologies.
The Information Security and Privacy Manager will also manage global privacy and data protection activities including monitoring privacy regulations, maintaining compliance with privacy regulations and policies, and developing privacy communications and training programs. In addition, the Information Security and Privacy Manager is responsible for supporting privacy governance groups including the Information Security and Privacy Governance Council and its related committees. Also, he/she will coordinate cross functional privacy initiatives with key functions, which include but are not limited to Legal, Compliance, Internal Audit and Human Resources.
Responsibilities and Duties:
Security and Privacy Program Management
Lead the development and updates to information security and privacy policies to ensure the protection of corporate data against unauthorized use, access, modification, disclosure, and deliberate or inadvertent destruction
Develop security and privacy operating procedures, playbooks and practices
Design risk management communications, training, and awareness programs
Maintain documentation library for security and privacy-related procedures, playbooks and practices
Manage investigations of security incidents (e.g., problems, breaches, unauthorized access, crises, critical situations, non-compliance with UPS policies, etc.) to maintain effective security controls and service operations
Manage project life cycle (i.e., project scope, resources, schedule, budget, initiation, start-up, design, building, and deployment) to see security projects from beginning to end
Provide expertise on matters related to application security policy, security implementation, and access controls for the business unit’s applications
Generate security, privacy, and compliance metrics that are meaningful and actionable
Security and Privacy Compliance
Implement and monitor compliance with the policies, standards, procedures, and practices that regulate the holding, use, and disclosure of UPS business data
Ensure the business unit’s proactive compliance with all regulatory-mandated security requirements (e.g., NYDFS CRR 500, SOX, PCI, GDPR)
Design and execute IT control tests to assess adequacy, operational effectiveness, and adherence to UPS policies, procedures and standards
Monitor and research industry directives and legislation to identify leading practices for protecting UPS information assets and ensure compliance
Facilitate responding to privacy requests and maintain accurate and thorough documentation of issues, responses, and resolutions
Security and Privacy Risk Management
Perform IT security risk and privacy assessments to identify security and privacy risks, including changes to systems and/or applications, process improvement initiatives, supplier assessments and other requests from the business
Review risk findings and gap analysis reports for accuracy and effectiveness for elements related to security and privacy compliance
Research and develop remediation recommendations for security and privacy compliance activities found needing improvement
Work with auditors and technical resources to support internal and external audit requirements
Track confirmed audit findings/issues and work with business partners and stakeholders to develop corrective action plans to address findings or implement mitigating security and privacy controls
Assist with creating regular compliance reports for technology and process owners and communicate results with stakeholders
Manages and Develops Others
Develop Team Members (e.g., Performance reviews, Career Development, Training, Staffing, etc.) to ensure the day-to-day administration of processes and formal procedures
Knowledge and Skills
Apply in-depth knowledge of products, services, and systems; work cross functionally to understand and articulate business processes (e.g., system requirements, training) for systems; apply analytical skills and advance recommendations on alternative solutions with different cost / benefit equations and tradeoffs; coach others in developing creative, workable solutions to complex system issues; coach others in the development of logical business cases; evaluate impact of solution on service, cost, and quality
Analyze information on incidents to determine causes and document findings; identify patterns or trends among incidents; determine next steps required by type of incident; recommend new approaches to incident investigation and response
Define processes and practices for evaluating new technologies and potential business value
Coordinate with IT and business stakeholders to implement disaster recovery plans; lead and prioritize recovery plans during emergencies; evaluate internal and external backup facilities and providers
Monitor and evaluate enterprise experiences with new technology
Maintain knowledge of current technologies through user and vendor associations
Experience working in a cloud-computing environment such as Azure, GCP, etc.
5-7 years of Information Security working experience
At least one of the following Information Security Certifications (CISSP, CAP, CISA, CCSP, CRISC)
Bachelor's/Master's degree in Computer Science or related discipline, or the equivalent in education and work experience - Preferred
This position offers an exceptional opportunity to work for a Fortune 50 industry leader. If you are selected, you will join our dynamic technology team in making a difference to our business and customers. Do you think you have what it takes? Prove it! At UPS, ambition knows no time zone.
UPS is an equal opportunity employer. UPS does not discriminate on the basis of race/color/religion/sex/national origin/veteran/disability/age/sexual orientation/gender identity or any other characteristic protected by law.