
Senior Advisor, Information Security – GRC/TVM

This job is no longer available

Washington, D.C., USA

Develops strategy and oversight to ensure AARP's applications and infrastructure are designed, built, and implemented to the highest security standards to meet and exceed constituents' expectations of security and privacy.  Oversees the Governance, Risk, and Compliance (GRC) and Threat and Vulnerability Management (TVM) programs and will be expected to establish the programs’ long-term strategy and vision, oversee the execution of all initiatives related to the programs, and align with the overall objectives of the organization.

Areas of Responsibility: 
  • Identifies security gaps and risks and develops mitigation plans.
  • Leads the GRC program and associated reporting, risk discovery, and risk prioritization efforts.
  • Leads the Threat and Vulnerability Management program, including oversight of third parties managing daily TVM activities, such as scanning, reporting, and remediation.
  • Leads the development and interpretation of security policies and procedures.
  • Develops quantitative risk insights for senior management to ensure data-driven decision making for future investments and initiatives.
  • Evaluates the design and effectiveness of the information security control environment, both operational and technical.
  • Assists in security compliance efforts (e.g., CIS-CSC) and anticipates new compliance requirements.
  • Works closely with legal, compliance, finance, and internal audit on issues and projects.
  • Evaluates and recommends new and emerging security products and technologies.
  • Stays current on emerging security threats, vulnerabilities, and controls.
  • Evangelizes security within AARP and serves as an advocate for member trust.
  • Engages with business unit stakeholders and partners to identify information security solutions required to meet organizational, regulatory, and strategic security requirements and objectives.
Educational Background: 
Completion of a Bachelor’s degree in Computer Science or a related field or equivalent experience in an information security capacity
  • 5+ years of relevant information security experience, with 2+ years of experience managing a GRC program and 2+ years of experience managing a TVM program.  Certification in information security a plus (SANS, GIAC, CISSP, etc.).
  • Knowledge of information security frameworks, such as ISO 27001/2, NIST, and CSC.
  • Experience in threat modeling and risk assessment approaches.
  • Experience managing a TVM program and its associated functions.
  • Knowledge of quantitative risk measurement processes.
  • Experience in identifying security risks and driving them to remediation.
  • Experience with GRC tools, such as RSA Archer.
  • Extensive experience overseeing the use of security scanning tools, such as Qualys.
  • Knowledge of information security regulations applicable to AARP organizations, i.e. HIPAA, PCI DSS, and various state/national privacy laws.
  • Experience developing information security policies, procedures, and standards.

AARP offers competitive benefits with a 401K, 100% company funded pension plan, health, dental, vision and life insurance, STD/LTD, paid vacation and sick leave, and other benefits.

Organization Info


Washington, DC, United States
About Us

AARP is a nonprofit, nonpartisan organization dedicated to enhancing the quality of life for all as we age. AARP champions positive social change and delivers value through advocacy, information, and service. AARP's vision is a society in which everyone lives with dignity and purpose, and fulfills their goals and dreams.

Listing Stats

Post Date: 
May 11 2019
Active Until: 
Jun 11 2019