Skip Navigation

We’re attacking cancer With research

Search Our Jobs

Search Our Jobs

Manager, Security Governance

Job ID 10813361 Location Atlanta, Georgia Position Type Full-Time

Position Description:
Save lives. Fulfill yours.

At the American Cancer Society, saving lives is our mission. We achieve our mission by drawing on our humanity. Humanity made up of courage, determination, innovation, passion, empathy, and caring. These are the values that give us the advantage over cancer.

Our work is important. And so are the people doing it. The people who work at the American Cancer Society focus their diverse talents on our singular mission: to end the pain and suffering of cancer. It is a calling. And the people who answer it are fulfilled. We value our employees and nearly 2 million volunteers around the globe that have stood with us through the years, and we will not rest until the fight is won. And that day is drawing nearer.

The Manager, Security Governance is responsible for performing and directing the activities of others in the performance of security governance activities involving security policies, frameworks, metrics, systems hardening, identity governance, privileged account management, and various ITIL-related frameworks and standards. Incumbent will assist Security & Compliance leadership in strategizing, developing and maintaining the above and represent the interests of the Security & Compliance organization in dealings with peer managers and above inside IT and throughout the business. The Manager ensures the Security governance goals are aligned with the organization's cybersecurity and risk requirements and are executed to safeguard the enterprise from control deficiencies and regulatory gaps. The Incumbent will perform those responsibilities of performance management for a team of security professionals and may also include an intern. Peers to this Manager inside the Security & Compliance group are the Manager, Security Programs and Manager, Security Operations.

• Manage the Security Governance team in developing and maintaining security frameworks and policies.
• Drive continuous improvement in all covered areas including but not limited to improving tools, updating processes, and identifying metrics.
• Manage the Identity Governance actions by identifying opportunities and working to include those opportunities in the IAM/IGA functionality including specifically administering the Privileged Account Management (PAM) capability.
• Coordinate the activities of team members and execute the gathering and publication of security metrics from across IT.
• Manage the successful and continued functionality of the ITIL Problem and Change processes.
• With architects from the Security Operations team and other parts of IT, determine best practices for systems hardening over all systems regardless of location (on-prem or cloud) and operating system.

Position Requirements:
• Team Lead or manager in a similar function at ACS or elsewhere
• Minimum 8 years of relevant IT experience, with a minimum of 4 years’ experience focusing on IT security, including analytical and compliance working experience, and risk assessment and management
• Prior experience performing IT risk management, assessment, compliance, security awareness, and training tasks in a similarly-sized company
• Bachelor’s Degree is required; computer science, engineering, or security focused a plus
• Current security and/or IT Audit focused, vendor-agnostic certification a preferred (e.g., CISA, CISSP, CISM)
• Project management knowledge or experience a plus

Demonstrates Information Technology Competencies:
• Business insight - Applies knowledge of business and the marketplace to advance the organization’s goals.
• Decision quality - Makes good and timely decisions that keep the organization moving forward.
• Action oriented - Takes on new opportunities and tough challenges with a sense of urgency, high energy, and enthusiasm.
• Optimizes work processes - Knows the most effective and efficient processes to get things done, with a focus on continuous improvement.
• Ensures accountability - Holds self and others accountable to meet commitments
• Collaborates - Builds partnerships and working collaboratively with others to meet shared objectives.
• Communicates effectively - Develops and delivers multi-mode communications that convey a clear understanding of the unique needs of different audiences.
• Instills trust - Gains the confidence and trust of others through honesty, integrity, and authenticity.

Other Skills:
Computer & Security Policies and Standards:
• Knowledge of computer networking concepts and protocols, and network security methodologies.
• Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
• Knowledge of cybersecurity and privacy principles.
• Knowledge of cyber threats and vulnerabilities.
• Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
• Knowledge of the ACS’ core business/mission processes.
• Knowledge of full spectrum cyber capabilities (e.g., defense, attack, exploitation).
• Knowledge of current and emerging cyber technologies.
• Knowledge of Application Security Risks (e.g. Open Web Application Security Project Top 10 list)
Security Frameworks:
• Knowledge of information technology (IT) architectural concepts and frameworks.
• Knowledge of Risk Management Framework (RMF) requirements.
• Knowledge of the Risk Management Framework Assessment Methodology.
• Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library (ITIL)).

Systems Hardening:
• Knowledge of system administration, network, and operating system hardening techniques.
• Knowledge of basic system, network, and OS hardening techniques.
• Knowledge of current software and methodologies for active defense and system hardening.
Identity and Access Management and PAM:
• Knowledge of authentication, authorization, and access control methods.
• Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
• Knowledge of access authentication methods.
• Knowledge of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection).

General Skills:
• Operate independently, with limited supervision required; Self-starter and finisher
• Self-motivated and able to organize work for others.
• Detail-oriented team player with strong organizational skills and customer-facing skills.
• Excellent analytical and problem-solving skills.
• Critical decision-making ability and experience.
• Excellent verbal communication skills required.
• Excellent business writing skills required.
• Technical Documentation skills required.
• Ability to consult with technical and non-technical personnel and derive information pertaining to projects or initiatives.
• Ability to communicate technical concepts to a broad range of technical and non-technical staff.

Role-specific skills and abilities:
• Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
• Ability to apply cybersecurity and privacy principles to ACS requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
• Skill in system, network, and OS hardening techniques. (e.g., remove unnecessary services, password policies, network segmentation, enable logging, least privilege, etc.).
• Ability to build architectures and frameworks.
• Ability to design architectures and frameworks.
• Skill in creating policies that reflect system security objectives.
• Skill in system, network, and OS hardening techniques. (e.g., remove unnecessary services, password policies, network segmentation, enable logging, least privilege, etc.).
• Skill in integrating and applying policies that meet system security objectives.
• Skill in creating policies that enable systems to meet performance objectives (e.g. traffic routing, SLA's, CPU specifications).
• Skill in creating policies that reflect the Society’s core privacy objectives.
• Ability to prepare and deliver education and awareness briefings to ensure that systems, network, and data users are aware of and adhere to systems security policies and procedures.
• Ability to develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities.
• Ability to monitor and assess the potential impact of emerging technologies on laws, regulations, and/or policies.
• Ability to interpret and apply laws, regulations, policies, and guidance relevant to organization cyber objectives.

• Work is normally performed in a typical interior/office work environment
• No or very little physical effort required
• No or very limited exposure to physical risk
• Able to work quickly with attention to detail including high-pressure situations.
• Ability to travel when necessary
• Ability to work flexible hours including occasional nights and weekends

We are committed to providing staff with fulfilling opportunities to learn, grow and make an impact in their local communities. We offer staff a generous paid time off policy; medical, dental and retirement benefits, and professional development programs to enhance staff skills.

Equal Opportunity Employer.

See our commitment to a policy of Equal Employment Opportunity to continually ensure equal opportunity to our employees and to our applicants.

Sign up for job alerts

Stay up-to-date about the latest career opportunities at American Cancer Society!

Areas of InterestChoose at least one category and/or location from the auto-suggestions and click ‘Add’ to subscribe.

  • Information Technology, Atlanta, Georgia, United StatesRemove
  • Relay for Life, Atlanta, Georgia, United StatesRemove