At Nuance, we empower people with the ability to seamlessly interact with their connected devices and the digital world around them. We are creating a world where technology thinks and acts the way people do by designing the most human, natural, and intuitive ways of interacting with technology.
Our nimble technology uses analytics and advanced algorithms to transform the inanimate into animate and reduce complicated processes into simple ones.
The Nuance Global IT team is focused on supporting the company and employees with technical solutions and expertise that help the business run more efficiently, ensure security and data privacy, and support new IT infrastructure initiatives that drive innovation. Our team is composed of problem solvers with constant curiosity and different perspectives who love to collaborate to transform and rethink IT.
Summary: Nuance seeks an experienced Information Security professional to lead the information security governance, risk and compliance (GRC) of its Mobility Division.
This role will work alongside development, operations, professional services and management to lead the development and implementation of key controls throughout the software development life cycle to ensure the compliance and certification of Mobility’s products with ISO 27001, CSC, SOX and SOC2 standards.
The individual will liaise with Corporate Security, Legal, Privacy and other divisions on corporate GRC matters and best practices and will lead the roll-out and implementation of the corporate GRC automation solution across the Mobility Division.
• Oversees the development, implementation and management of an Information Security Management System (ISMS) and Risk Management process for the Mobility Division.
• Leads the development and implementation of the Mobility Control Framework to advance the organization’s maturity and compliance with the ISO 27001, CSC Top 20, Sarbanes-Oxley (SOX) and SOC2 control frameworks as demanded by our customers.
• Develops, implements and drives compliance of controls throughout the Mobility Division through corporate and division policies, processes, standards, procedures, technologies and design criteria.
• Oversees Mobility’s efforts to ensure region- and country-specific regulatory compliance for information security and data privacy as required by customers and countries of operation.
• Coordinates and supports internal audits, assessments, certifications and examinations for Mobility, hosting auditors/examiners/testers and arranging documentation, requests, interviews, management responses, remediation plans and requisite tracking and reporting.
• Liaises with Corporate Security, Legal, Human Resources, Internal Audit and other departments on GRC matters and best practices. Represents Mobility in the sourcing and development of a Corporate eGRC solution and oversees the implementation, integration and management of the eGRC solution in the Mobility Division.
• Supports Sales, Professional Services and Vendor Management through the review and assessment of contract terms and conditions and the investigation, articulation and documentation of Division capabilities and ability to fulfill customer requirements with respect to Information Security and Data Privacy.
• Develops, schedules and delivers an employee training and awareness program for information security and data privacy.
• Develops and reports on key activity and performance indicators concerning GRC for the Division.
Number of Years of Work Experience:
• Minimum eight (8) years of experience in information technology business process analysis, project methodology, or software development life cycle
• Minimum of five (5) years of experience in information security, governance, risk, and compliance methodologies, tools and enablers
• In-depth knowledge of IT organization end-to-end areas and functions
• In-depth technical capabilities and professional knowledge of IT and Information Security
• Excellent written and verbal communication skills with the ability to negotiate
• Strong analytical and problem-solving skills
• Ability to work both independently with sole responsibility, and as part of a team to deliver quality work product in a timely fashion in a fast-paced environment
• Information Security Technology Background
• Well versed in information security controls, policies, standards and processes
• Strong understanding of ISO 27001, SSAE 16/SOC2, SANS CRC and similar
• Strong understanding of common security technologies
• Understanding of the information security vendor landscape
• Well versed in Security Governance, Risk & Compliance and Security Audit practices
• Strong understanding of network security, systems security, and application security
• Ability to communicate with cross-functional technical resources
• Ability to communicate effectively with peers across divisions
• Ability to work in a highly matrixed environment
• Project management experience
• International experience or knowledge
• IT Audit/Compliance experience desired
• Helpful to have knowledge of one or more GRC automation platforms
• CISSP, CISM, CISA, and other such credentials
• Bachelor’s Degree in related field
• Master’s Degree in related field a plus
Nuance Communication Inc. is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, national origin, disability, veteran status, and other legally protected characteristics. The EEO is the Law poster is available here: http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf . If you need a reasonable accommodation because of a disability for any part of the employment process, please call 781-565-5000 – Human Resources Department and let us know the nature of your request and your contact information.