The Sr. Manager, Digital Risk and Governance is responsible for supporting the strategy and direction of the Digital Policy, Risk Management, Data Protection, Cybersecurity Governance, and Awareness and Engagement programs across Digital, the broader enterprise and the intersection with Enterprise Risk Management.
- Directs and defines the Governance and Data Protection initiatives and runs workstreams as part of the overall cybersecurity strategy roadmap development, deployment, and socialization.
- Serves as the policy liaison between Legal, the Digital/IT organization, various segments and other customers of the Digital policies.
- Responsible for leading the Digital/IT Risk Management and Policy team, strategy, design, and implementation of our Digital/IT policy creation, evaluation, and review processes. Additionally, this role is responsible for maintaining and enhancing the risk management processes related to IT/Digital, which includes the recurring risk assessments and residual risk processes.
- Develops and implements Cybersecurity Awareness and Engagement Plans to educate and inform stakeholders across Ameren, promoting understanding of cybersecurity risks and best practices to stay safe at work and at home.
- Develops policy review and development strategies that employ strong collaboration to drive policy adoption, in order to mitigate risks or to continue managing risk effectively with frequent recertification.
- Develops and oversees the creation of high-quality content to inform Executive Leaders, up to and including Ameren’s Board of Directors, on Cybersecurity maturity, emerging threats, and associated risk mitigations.
- Collaborates with security teams to interpret and promote cybersecurity controls and effective delivery of compliance requirements.
- Collaborates with internal and external parties that would influence, impact, or consume existing policies.
- Oversees and directs the recurring risk assessments, walkthroughs, communications, recertifications, and documentation associated with various internal policies and risk and security control frameworks (C2M2, SOX, NERC CIP, NIST’s CSF and 800-53, CIS Critical Security Controls, HIPAA, PCI, Data Privacy and the respective policies and procedures) to promote integrity across our compliance programs and risk mitigation mechanisms.
- Ability to dive into cybersecurity, technical, and architectural details at a granular level within Ameren’s environment and across its supply chain.
- Demonstrated ability to make effective decisions while working through complex issues, including program-related and business-interest-related issues.
- Five or more years’ experience (preferred) working in the electric or gas utility industry; familiarity with utility-specific technologies and services preferred.
- Experience in large-scale design of complex multi-vendor system environments and distributed architectures, in providing oversight, and in informing business leaders of the risk profile of the arrangements and the development of effective risk mitigation strategies.
- Proven track record managing compliance programs and/or compliance results across large-scale and complex Digital/IT footprints in a high-growth, fast-paced environment.
- Ten or more years of related IT experience required, with extensive background in multiple of the following IT or IT Assurance disciplines: Cybersecurity, Advisory, Controls, Infrastructure, and/or Vendor Assurance and Screening.
- Experience running and establishing corrective action programs with proven and demonstrated results.
- Five or more years of supervisory and high-level team/project leadership required. Strong management and effective leadership experience.
- Proven track record of delivering complex IT compliance and governance services in a diverse and regulated environment.
- Demonstrated experience in areas of general management, specifically around team member development, leadership skills, organizational skills, and managing/setting priorities in a fast-paced environment.
- Impeccable executive presence and communication skills.
- Experience building and managing compliance teams.
Vacancy Type: Full Time
Job Location: St Louis, MO, US
Application Deadline: N/A