Manager, GCC Tooling and Operations
Location: Offsite, San Jose, California, US
Area of Interest: Security
In today's dynamic digital environment, security is everyone's job. At Cisco, the Security and Trust Organization is at the core of making infrastructure more secure. Your involvement in this strategic and ambitious team will allow you to be part of one of Cisco's major objectives - to be the Number 1 Trusted Business partner to our customers. The Security and Trust Organization reports to Cisco's Chief Security and Trust Officer and is responsible for owning the innovation, training, and implementation of security and trust features and processes across all of Cisco's products. The Global Cloud Compliance (GCC) group within the Security and Trust Organization is responsible for driving all compliance certifications across Cisco. This team is responsible for enabling and protecting Cloud sales for our Commercial customers, US Government and Federal agencies, as well as many international standards bodies. This team works with Sales and Business Unit partners to ensure the correct security and trust features and functionality are included in new offer releases.
What You’ll Do
The Manager, GCC Tooling & Operations, works directly for the Global Cloud Compliance (GCC) leadership, and is responsible for leading and partnering with business and technology leaders to deliver and maintain an effective corporate-wide and customer-centered "best in class" GRC tool with the goal to support the commercial and federal certifications for Cisco SaaS offers using Cloud Controls Framework (CCF). This role will work in close partnership with the rest of GCC Strategy, Execution, PMO and GCC-India team towards the uber compliance goals. This role will manage a team of GRC Tooling and Operations engineers who will be maintaining the enterprise-wide GRC solution to support the certification efforts. This role requires an understanding of various security certification frameworks like AICPA SOC, ISO27001, NIST, CMMC, CIS and others. The Manager is an essential member of the GCC Team. The Manager develops, implements, and maintains the strategy and roadmap for the GRC tool, solution and platform and how it will be integrated to support CCF adoption, monitoring and automation across Cisco SaaS offers.
The role responsibilities will include:
- Manage the enterprise-wide GRC tool rollout to support Cisco’s Cloud Controls Framework (CCF)
- Works on an organization-wide charter to involve security and compliance teams across business units to develop a common business and technical requirements document for the enterprise GRC Tool
- Establishes and executes a continuous compliance monitoring and auditing program with an emphasis on automation.
- Shares thought leadership in designing and implementing sustainable, scalable remediation for complex gap assessments against applicable regulations and industry practices.
- Maintains current knowledge of the information security field and the changing threat landscape while implementing improvements in both technical security and compliance domains, mitigating risks identified as part of the risk management process.
- Embodies and fosters an inclusive work environment that encourages staff engagement and collaboration through establishing a culture of teamwork.
- Leads and manages assigned staff, makes employment decisions and reviews development plans.
- Establishes expectations with all direct reports, holds individuals and work teams accountable and evaluates staff performance.
- Directs the management and maintenance of the enterprise-wide Information Security policies and standards on the GRC platform that align with business objectives, laws and regulations.
- Partners across the Security, Engineering, Technology, Procurement, Legal and Internal Audit teams to identify strategic technology standard methodologies applicable for the organization, and leads initiatives to drive awareness, adoption and adherence.
- Provides constructive feedback, coaching and counseling.
- Works in partnership with the rest of the GCC function to ensure that the CCF program is focused on increasing program maturity and control capabilities to remain effective in identifying, detecting, and protecting the organization against the ever-growing threat landscape.
- Provides thought leadership and transformation in compliance across the organization.
- a strong and cohesive team that is focused on delivering results by providing effective coaching to drive and maintain team engagement.
- Benchmarks risk management practices and monitors the legal and regulatory environment for developments that may require changes to policies and practices.
- Coordinates information security and risk management projects with personnel from the Security, Engineering, Technology, Procurement, Legal, Internal Audit and other internal departments.
- Manages security risk-related activities, including planning, assessing, recommending appropriate remediation measures, and reporting.
- Ensures alignment and integration of all security risk practices and processes across the organization.
- College degree - Bachelor's / Master's degree with a focus in Information Technology / Computer Science or related field
- 8 - 12 years of relevant experience
- Extensive experience in a leadership role with an emphasis on the implementation of a GRC program.
- 5+ years’ experience in people management.
- 5+ years’ experience in GRC, with experience managing security risks and designing controls.
- Experience executing continuous controls monitoring using automation
- A thorough understanding of risk management methodologies, frameworks, and principles (e.g. AICPA-SOC2, NIST-FedRAMP, ISO, PCI, HIPAA etc.) to evaluate and recommend the best approach to mitigating risk with best in class controls.
- Knowledge of core IT processes / services such as SDLC, Identity/User Access Management, Vulnerability Management, Backup and DR processes will be useful
- Excellent communication skills at all levels of the organization
- Ability to prioritize and multi-task in a fast-changing environment
- It’s critical that the person is a good team-player
- Relevant certifications like CISA, CISSP, CCSK, others, will be a plus.
#WeAreCisco, where each person is unique, but we bring our talents to work as a team and make a difference powering an inclusive future for all.
We embrace digital, and help our customers implement change in their digital businesses. Some may think we’re “old” (36 years strong) and only about hardware, but we’re also a software company. And a security company. We even invented an intuitive network that adapts, predicts, learns and protects. No other company can do what we do – you can’t put us in a box!
But “Digital Transformation” is an empty buzz phrase without a culture that allows for innovation, creativity, and yes, even failure (if you learn from it.)
Day to day, we focus on the give and take. We give our best, give our egos a break, and give of ourselves (because giving back is built into our DNA.) We take accountability, bold steps, and take difference to heart. Because without diversity of thought and a dedication to equality for all, there is no moving forward.
So, you have colorful hair? Don’t care. Tattoos? Show off your ink. Like polka dots? That’s cool. Pop culture geek? Many of us are. Passion for technology and world changing? Be you, with us!