AARP Delivery Lead II - Information Security GRC Salary in the United States

AARP is a nonprofit, nonpartisan organization, with a membership of nearly 38 million that helps people turn their goals and dreams into 'Real Possibilities' by changing the way America defines aging. With staffed offices in all 50 states, the District of Columbia, Puerto Rico, and the U.S. Virgin Islands, AARP works to strengthen communities and promote the issues that matter most to families such as healthcare security, financial security and personal fulfillment. AARP also advocates for individuals in the marketplace by selecting products and services of high quality and value to carry the AARP name.  As a trusted source for news and information, AARP produces the world’s largest circulation magazine, AARP The Magazine and AARP Bulletin.

Information Technology Solutions (ITS) is AARP's technology leader in positive social change and member value, enabling a more effective workforce and globally connecting employees, members, volunteers, partners and advocates to maximize engagement.

The Delivery Lead - Information Security GRC, Sr is a core delivery resource on a capability (platform) team responsible for ensuring team success by leveraging the appropriate Rapid Delivery methodology for predictable, quality delivery while maintaining a focus on continuous team improvements. This position operationalizes the capability (platform) strategy and will be expected to deliver incremental business value in an agile environment. The Delivery Lead – Information Security GRC, Sr. must be a multi-faceted practitioner able to facilitate activities using multiple delivery methodologies, write technical documentation as needed, manage third-party development and/or consulting resources, and identify innovation opportunities for the team.

This person will work closely with other core roles on the team, including the Director(s) and Engineer(s). All team members will work closely with various stakeholders across AARP and third-party vendors or partners.

Domain Responsibilities

• Coordinates and conduct annual policy reviews and any required revisions
• Establishes process development and documentation for Business Unit Risk Assessments
• Facilitates the overall Governance lifecycle, including validation and remediation of expected controls
• Manages GRC product’s performance, enhancements, and associated reporting
• Enhances GRC function by integrating Information Security standards into GRC solution
• Assists with PCI compliance efforts
• Enhances processes for and oversees regular access control review attestations
• Participate in Information Security on-call rotation for 24/7 incident response, where required

Delivery Responsibilities

Rapid Delivery Coach/Facilitator/Scrum Master

• Integrates Rapid Delivery (Agile or other) principles into team practices and work products.
• Coaches Capability (Platform) Manager and team on backlog refinement and prioritization.
• Facilitates and supports Scrum events as needed and remove impediments to team progress.
• Innovates with delivery practices and frameworks through experimentation to improve the team and their delivery of business and technical outcomes.
• Influences the team to improve collaboration and self-organization.
• Works with other Delivery Leads through a Community of Interest to increase the effectiveness of the application of Scrum within the organization

Business Operations Management

• Ensures the team considers enterprise standards around architecture, information security, agile delivery, quality engineering, service management and user adoption during design and implementation.
• Develops statements of work (SOWs) for any third-party vendors or contractors that adheres to procurement standards and includes outcome-based deliverables.
• Ensures the necessary technical documentation, including governance practices and standards, is created by the team.
• Responsible for work plans, budget, sprints, releases, schedules, resource allocation of all team delivery efforts.
• Coordinates reporting on the capability (platform) team progress, impediments, issues, and impacts to various stakeholders with the Capability (Platform) Manager.

Business Analysis

• Supports the creation of consistent user stories and requirements with the development team and Capability (Platform) manager.
• Verifies that implemented solutions meet defined story objectives and are of high quality.
• Verifies that deliverables from third-party vendors align to executed statements of work.
• Facilitates and participates in all testing activities, including user acceptance testing with key stakeholders.
• Leverages delivery analysis and tools to evaluate, optimize, and improve team output and delivery of business and technology outcomes.

Continuous Improvement/Operations

• Manages ongoing production operations and vendor relationships.
• Identifies issues and spearheads team problem-solving to achieve resolution.
• Drives the collection of feedback and metrics to identify areas of opportunity.
• Works with the team to continuously improve processes, operations, self-service capabilities, and automation where feasible.
• Identifies process, delivery, and governance gaps with the capability team and collaborates with the ITS Transformation team on solution development and implementation.
• Follows ITS DR Policy and Standards.
• Creates DR Plan for identified technology solution.
• Devises testing strategy and/or test plan for the technology solution.
• Provides artifacts to ITRM to validate compliance with ITS DR Policy and Standards.

Desired Education and Certifications

• Bachelor's degree or equivalent in Information Technology, Computer Science, Engineering or related field
• CISSP, CCSP, CISA, or equivalent experience

Work Experience

• 5+ years Information Security experience
• Experience with security Governance, Risk, and Compliance
• Demonstrable ability to manage complex processes in a fast-paced environment
• Experience with Active Directory and access management controls
• Proven ability to coordinate information from disparate sources and drive to actionable results
• Previous experience working in a compliance-driven industry
• Knowledge of industry-standard security frameworks, such as NIST, ISO 27001/2, and CSC
• Experience managing third party vendors
• 10+ years of IT experience and agile delivery methodologies, including Scrum, Kanban, and Lean UX
• Hands-on experience with backlog tracking and task definition
• A demonstrated ability to work within a team and build consensus towards a technical direction
• Technology delivery experience through concept, development, validation, deployment, and support
• Product evaluation through RFI/RFP including working with vendors and internal stakeholder groups
• An understanding of external cloud hosting providers including Amazon Web Services, Microsoft Azure, and Salesforce
• 3+ years of Information Technology experience required, Governance Risk and Compliance experience desired

 AARP offers competitive benefits with a 401K, 100% company funded pension plan, health, dental, vision and life insurance, STD/LTD, paid vacation and sick, and other benefits.

AARP is an equal opportunity employer committed to hiring a diverse workforce and sustaining an inclusive culture.  AARP does not discriminate on the basis of race, ethnicity, religion, sex, color, national origin, age, sexual orientation, gender identity or expression, mental or physical disability, genetic information, veteran status, or on any other basis prohibited by applicable law.