Lead, Cyber Security

Job Location: Corporate Indianapolis The Cyber Security Lead Risk & Compliance will identify, analyze, and influence the organization's management of information risks and compliance. This role will help support compliance and privacy policies such as but not limited to SOX, GDPR, SWIFT, PCI, and HIPAA. In addition, this person will help identify and facilitate the implementation of appropriate controls to effectively manage information risks as needed. This role will also identify opportunities to improve risk posture, develop solutions for remediating or mitigating risks, and assess residual risk. Principal Responsibilities The successful candidate’s responsibilities will include, but not be limited to: · Facilitates an information security governance structure, including the formation of an information security steering committee or advisory board · Works with various business units to ensure that the information security requirements are included in contracts · Evaluates and performs assessments of 3rd party companies and tools · Provides clear risk-mitigating directives for projects with components in IT, including the mandatory application of controls · Maintain necessary internal networks among the line-of-business leaders, corporate compliance, audit, physical security, legal, and HR management teams to ensure alignment · Creates a risk-based process for the assessment and mitigation of any information security risk in the ecosystem consisting of supply chain partners, vendors, consumers, and any other third parties · Assist with process and governance for IT-related controls and systems as it relates to cyber risk or compliance · Works with the compliance staff to ensure that all information owned, collected, or controlled by or on behalf of the company is processed and stored by applicable laws and other global regulatory requirements, such as data privacy · Collaborates and liaises with the data privacy officer to ensure that data privacy requirements are included where applicable · Defines and facilitates the processes for information security risk and for legal and regulatory assessments, including the reporting and oversight of treatment efforts to address negative findings · Develops and oversees effective disaster recovery policies and standards to align with the enterprise business continuity management (BCM) program goals · Communicates risk assessment findings to team owners and custodians of information risk business leaders, or information governance teams MINIMUM QUALIFICATIONS · 5 years of cyber security experience · Knowledge and understanding of relevant legal and regulatory requirements, such as SOX, PCI-DSS, SWIFT, and HIPAA · Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT, or NIST · Ability to identify and assess the severity and potential impact of risks. Communicate risk assessment findings to risk owners outside the cybersecurity program in a way that consistently drives objective, fact-based decisions about the risk that optimize the trade-off between risk mitigation and business performance Simon is a global leader in retail real estate ownership, management and development and an S&P 100 company (Simon Property Group, NYSE: SPG). Our industry-leading retail properties and investments across North America, Europe and Asia provide shopping experiences for millions of consumers every day and generate billions in annual retail sales. Our portfolio includes assets of national and international renown - proven assets that are the preferred location for retailers. In addition to our high quality properties, Simon is also known for our strong balance sheet, a long-tenured and well-respected senior management team, and our innovative spirit, as reflected in a 50 year history of successful retail real estate development, management, and leasing. Simon was named Fortune’s Most Admired Real Estate Company eight times. We have experienced an explosion of growth and innovation unprecedented in the industry and we look forward to Simon's future. Simon is proud to be an Equal Employment Opportunity employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. If you require assistance or need to request an accommodation due to a disability, please email CandidateAccommodations@simon.com. Please note this email is intended only for accommodation requests related to the application and interview process. Any other correspondence will not receive a response.