Position Title: Compliance and Reporting Lead Division: Corp Information Security Reports To: Department Manager, Security Compliance Essential Functions: � Define, create, and produce Enterprise Information Security effectiveness metrics and scorecards from both a security program management perspective as well as a line of business management perspective. � Analyze vulnerability data to identify risks; develop action plans and track issues to resolution. � Provide quantitative and qualitative analysis of metrics to assess KeyCorp�s organizational acceptance of, and adherence to, Corporate Information Security standards. � Manage the Corporate Security Awareness program and develop training programs; provide training as needed. � Manage the Information Security Communications Steering Committee comprised of companies lines of business to ensure appropriate awareness and attention regarding security posture (vulnerability, administration, awareness, etc) across the Corporation. Required Skills: � Bachelor degree in Business, Information Systems, Engineering or related field. � 5 or more years of focused Information Security and/or technology engineering & support experience � Experience with the dissemination and evaluation of Information Security policies, best practices, standards, and guidelines � Ability to develop security compliance evaluation metrics and collateral based on Information Security policies, best practices, and guidelines. � Ability to analyze quantitative data, summarize results, and draw conclusions. � Highly consultative nature, ability to understand internal clients� business models and operational risk. � Excellent written and verbal communication skills � Ability to interact well with Executive management and its Line of Business leaders. Preferred Skills � Experience with vulnerability management tools � CISSP Certification
