Security Governance Manager
Job Description
Would you like to work side-by-side with the brightest analytical and engineering minds in the industry to help organizations innovate and solve their Arm-based solutions? If you're not satisfied with simply working within an established system, but want to be empowered to reshape and improve it for the challenges of tomorrow, then we may have your dream role.
Arm Enterprise Security is at the heart of ensuring we deliver the future of computing across multiple sectors from mobile clients and automotive through to Hyperscalers and embedded devices. And we're doing this together with our broad ecosystem of partners and for the benefit of everyone!
Job Overview:
The Arm Security Governance Manager will work closely with the business units to advise on risk, consult on compliance requirements, build security awareness, and enforce policies. This is a global role with responsibility for responding to information security needs across the entire Arm corporation!
Strong interpersonal skills are required to meet with senior leaders and explain the risks and alternatives to meet risk goals. The role will establish and manage organizational operating and executive-level metrics and assist in creating the monthly materials for leadership review.
We believe an ideal candidate will have a demonstrated ability to think strategically about security, compliance, and business outcomes, can articulate security, risk, and compliance objectives to business partners, is detail oriented, and able to operate effectively under pressure.
Responsibilities:
- Work with teams across Arm security practices to develop operational, executive and board level metrics
- The role has no direct supervisory responsibilities but must use leadership skills to influence positive outcomes
- Serve as trusted security advisor to internal and external partners on matters of security governance, policy, awareness, and changes to the security landscape, ensuring security and compliance requirements are understood by those partners
- Develop and maintain security enablement training and educational materials to support Arm associates across the globe
- Develop and curate security audience specific content to address diverse business security requirements
- Implement clear, consistent information and reporting to identify, measure, monitor and manage the objectives and key results of Enterprise Security
- Document recommendations and implementation of corrective action plans to remediate issues for identified deficiencies. Monitor the progress of plans for on time completion
- Support continuous improvement to the program as it evolves to meet changing organizational and regulatory needs
- Work directly with internal business partners to assist in the identification and assessment of potential security risks, establish risk owners, ratings, and management action plans
- Develop Standard Operating Procedures (SOP) to document procedures for risk reporting, training & awareness, and policy management
- Counsel and guide business partners in identifying risks and potential risk mitigation alternatives commensurate with the risk identified and consistent with risk appetite
- Manage and maintain service level agreements for requests and issues raised via ServiceNow and Jira.
- Identify and raise risks, threats and vulnerabilities of technology security matters, working with risk owners to shepherd the risks to conclusion where possible.
- Identify problems that cause negative impact to Arm or the team and help to create solutions.
- Develop tactical and trusted relationships with business partners
- Provide on-the-job training and peer review to team members
- Feed recommendations into strategic plans
Required Skills and Experience:
- Solid understanding of regulations, industry standards, and leading practices related to application security, platform security, network security, cloud security, data security, and data privacy
- Proven experience in developing simple, effective and easy to adopt security policies
- Demonstrable experience rationalizing policies using unified control frameworks (UCF, CSA’s Cloud Control Matrix)
- Experience in collecting security metrics and developing reports for management use and decision making
- Ability to quickly develop working relationships with peers and key partners, such as business partners, legal, internal audit and technology specialists.
- Influencing the security agenda across a large enterprise.
- Experience with security and privacy controls deployed in large enterprise and cloud environments
- Able to independently solve straightforward problems by investigating fully and provide recommended solutions for more sophisticated problems.
- Ability to clearly communicate information security concepts and complex technical topics to a wide audience of both technical and non-technical personnel (business leaders, auditors, legal staff, engineers)
- Execution oriented with an ability to manage multiple projects simultaneously with a focus on outcomes driving impact
- Social skills to interact effectively within the Enterprise Security group, customers and vendors at a tactical level.
- Excellent verbal and written communication and presentation skills
- Attention to detail, ability to multi-task and maintain composure when under pressure
- Agile, self-starter and can prioritize quickly and effectively. Contributes through the quality, accuracy and timeliness of the tasks/services provided by self, and quality control of work provided by others.
- Makes sound judgement decisions based on available information, training and prior experience.
“Nice To Have” Skills and Experience:
- Experience working in a security, risk management, or governance role focused on technical controls, services and procedures.
- Experience with EU regulations and EU data privacy a definite plus
- Demonstrates a good understanding of the variety of technical security control concepts, procedures and systems (e.g., Email Security, AV, EDR, Firewalls).
- Security qualifications (e.g., CISSP, CISM) helpful but not crucial.
- Good familiarity with other Enterprise Security organizations (can identify which team fulfils which roles) and a solid grasp of ITIL processes.
- Awareness of project management techniques, while having the ability to handle and chair meetings when required.
In Return:
We can offer exciting, interesting work within the dynamic Enterprise Security Team. Arm's growth trajectory will ensure career progression and the opportunity to have a significant impact on our success.
Accommodations at Arm
At Arm, we want our people to Do Great Things. If you need support or an accommodation to Be Your Brilliant Self during the recruitment process, please email accommodations@arm.com. To note, by sending us the requested information, you consent to its use by Arm to arrange for appropriate accommodations. All accommodation requests will be treated with confidentiality, and information concerning these requests will only be disclosed as necessary to provide the accommodation. Although this is not an exhaustive list, examples of support include breaks between interviews, having documents read aloud or office accessibility. Please email us about anything we can do to accommodate you during the recruitment process.
Equal Opportunities at Arm
Arm is an equal opportunity employer, committed to providing an environment of mutual respect where equal opportunities are available to all applicants and colleagues. We are a diverse organization of dedicated and innovative individuals, and don’t discriminate on the basis of any characteristic.
Hybrid Working at Arm
Arm’s hybrid approach to working is centred around flexibility, where we split our time between the office and other locations to get our work done. Within that framework, we empower groups and teams to determine their own particular hybrid working pattern, depending on the work and the team’s needs. Details of what this means for each role will be shared upon application. In some cases, the flexibility we can offer is limited by local legal, regulatory, tax, or other considerations, and where this is the case, we will collaborate with you to find the best solution. Please talk to us to find out more about what this could look like for you.