Work Location: Must be based in the California Bay Area (will need to be able to periodically meet in person at the Juniper Corporate Offices in Sunnyvale, California)

About the Position: Juniper Networks has an opportunity for a Security Certification Program Senior Manager within Juniper’s Internal Audit team, reporting to the Director, Global IT Audit. The Senior Manager will assist with implementing, managing, coordinating, and sustaining the ISO 27001 security certification and SSAE-16 SOC 1 & 2 audit preparatory processes, and with supporting other relevant certification/attestation programs such as FedRAMP and CMMC. A successful candidate will be able to work closely with SMEs and project leads and ensure alignment with the organization’s Information Security Management System (ISMS).

Responsibilities:

  • Support the implementation, operation, support, and maintenance of the Information Security Management System (ISMS) based on the ISO/IEC 27000 series standards, including obtaining our certification against ISO/IEC 27001.
  • Coordinate the development and implementation of information management practices including policies, standards, guidelines, and procedures; assist BUs to define and understand their responsibilities in relation to information management; assist BUs to identify their information needs and requirements. Compliance initiatives are focused on, but not limited to, ISO 27001, SOC 1 and SOC 2, and other relevant certification/attestation programs such as FedRAMP and CMMC.
  • Leverage the common language and semantics provided by NIST CSF and control frameworks (e.g., NIST SP800-53, NIST SP800-171) to communicate with stakeholders.
  • Manage and lead the design and operation of related compliance monitoring and improvement activities to ensure compliance both with internal security policies etc. and applicable laws and regulations.
  • Support departments and help manage projects to implement/adopt the information security management system and the ongoing maintenance of the control environment.
  • Support suitable information security awareness, training, and educational activities.
  • Facilitate information security risk assessments and controls selection activities.
  • Coordinate with, and offer strategic direction to, related governance functions (such as Risk Management, IT, HR, Legal and Compliance) plus senior and middle managers throughout the organization as necessary on information security matters, such as routine security activities, emerging security risks and evolving control technologies.

Minimum Qualifications:

  • 8+ years of Information Security related experience.
  • BSCS, BSEE, or other related/relevant area of study.
  • Knowledge of internal control frameworks and their application to achieve compliance with the requirements for security certification and attestation programs.
  • Deep knowledge and understanding of the NIST CSF and related control frameworks.
  • Excellent project management, written and verbal communication, influencing and problem-solving skills.
  • Practical understanding of program management techniques and implementation within the business.
  • Strong analytical, process and risk management knowledge.
  • Able to build productive teams utilizing different skill sets and perspectives, prioritizing team objectives, managing scope, and managing and reconciling conflicting team member opinions.
  • Able to work with team members to establish clear performance goals and expectations, tailor expectations for individual capabilities, create positive tension to drive results, fairly and objectively review performance, and provide timely feedback.
  • Able to drive others to look beyond proposed actions to identify better alternatives in complex environments.
  • Strong interpersonal and influencing skills.

Preferred Qualifications:

  • Information risk and security management: At least 5 years of work experience in this field; demonstrable experience with relevant approaches, standards, methods, frameworks etc.
  • Hands-on experience with ISMS design and implementation, specifically related to ISO 27001 certification project management experience.
  • IT risk management skills (e.g., able to assess risks, ask the right questions and get to the bottom of things, plus write and present formal management reports).
  • One or more Professional Certifications such as: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or ISO 27001 credentials are highly desirable and preferred.

Distinguishing Characteristics of the Ideal Candidate:

  • A natural leader with demonstrably strong leadership capabilities, e.g., able to be influential and motivational, and a good bidirectional (written and verbal) communicator.
  • Combine strong personal integrity (grit) with pragmatism, willing to stand up for what's right for the organization, but also open to exploring alternative means of achieving it.
  • Realistic and pragmatic in approach.
  • Able to see the bigger picture, be professionally curious, and think strategically where appropriate.
  • Capable and willing to establish effective, productive working relationships with various managers, staff, and other professionals (including third parties) on security, privacy, and related matters, guiding them where relevant, responding to their concerns and collaborating on mutually beneficial solutions.
  • Extremely proficient project management skills, with demonstrated ability to coordinate and organize work deliverables across multiple contributors as part of recurring annual and quarterly priorities.

Other Information:

  • Relocation is NOT available for this position.
  • Travel requirements for the position are up to 20% and may include international travel.
Confirmed a day ago. Posted 30+ days ago.
