Job Description
- Fortune 500 company
- Fortune Best Places to Work
- Great Culture + Benefits
- Salary + healthy Bonus
- Awesome culture!
Our Fortune 500 and Fortune Best Places to Work client is looking to expand its team of talented Information Technology professionals. The company has an excellent reputation as a great place to work with an open, collaborative culture, and is looking for an accomplished Governance, Risk, and Compliance (GRC) Manager to join its Information Security team. They seek an individual with a passion for cybersecurity and a proven track record leading GRC teams. You will report to the CISO. To be successful, you will collaborate with cross-functional teams, including IT, Legal, and business stakeholders, to establish a robust governance framework and manage risks effectively. The company will help you attain your career development goals through training, mentoring, and opportunities to stretch and grow as a leader in Information Security.
As the Manager of the GRC team, you will oversee and manage the governance, risk management, and compliance aspects of the company's cybersecurity program. You will serve as the owner of the Cybersecurity Risk Management Framework and Cybersecurity policies, liaise with Legal on privacy and data security issues, oversee IT audit and regulatory compliance, direct the third-party cybersecurity risk management program, and facilitate the cybersecurity training and awareness program. The ideal candidate will have a strong background in cybersecurity, a deep understanding of industry standards, regulations, and frameworks, and the ability to implement and maintain effective governance and compliance strategies. You will lead an experienced team of Analysts, and you are a proven servant leader with a willingness to roll up your sleeves and get engaged, both strategically and tactically.
We believe success starts with having the right people -- those who have the right attitude and aptitude. We seek out goal-oriented professionals who are creators, leaders, and pioneers. We value diversity in our workforce. By bringing together people with different backgrounds, thoughts, and life experiences, we create a competitive advantage.
Primary Responsibilities:
· Formalizes and leads the management and governance of cybersecurity risks, encompassing risk identification, assessment, prioritization, remediation, and mitigation strategies.
· Conducts comprehensive risk assessments to identify potential vulnerabilities and gaps in IT systems, processes, and controls.
· Ensures compliance with SOX, PCI DSS, SEC requirements, relevant privacy regulations, and other regulatory requirements.
· Oversees Cybersecurity policies, standards, guidelines, and baselines; ensures policies are reviewed, updated, and approved regularly.
· Designs and executes comprehensive security awareness and training programs to promote a culture of vigilance and security consciousness among employees.
· Oversees the end-to-end third-party risk management process, evaluating security risks, conducting assessments and due diligence, and ensuring ongoing compliance.
· Directs the development and implementation of business continuity and disaster recovery strategies, ensuring minimal disruption to operations in the event of a crisis.
· Leads defining, improving, and maturing enterprise IT security policies, standards, & procedures to ensure the protection of information assets.
· Liaises with Internal Audit and tracks remediation of findings associated with the cybersecurity program audit.
· Communicates the status and accomplishments of the organization’s activities and projects to the CISO, IT organization, and other stakeholders.
· Achieves financial objectives by forecasting requirements, preparing an annual budget, scheduling expenditures, analyzing variances, and initiating corrective action within the GRC context.
· Establishes and maintains strong working relationships with industry peers and other external stakeholders.
· Translates and champions the Information Security strategy to the GRC team and to peers in the IT department.
· Keeps up to date with emerging industry trends, regulatory changes, and security threats and proactively assesses their impact to the company.
Management Responsibilities:
With Direct Reports
· Ensures appropriate staffing to meet department needs.
· Utilizes recruiting and selection tools/processes to build organizational talent.
· Delegates work according to employees' abilities and skills.
· Conducts performance & development reviews per HR guidelines. Takes corrective actions, including Performance Improvement Plans & terminations, when necessary.
· Evaluates employees' performance and plans compensation actions in accordance with that performance.
· Provides developmental opportunities through identification of internal and external training opportunities.
· Creates opportunities for employee growth.
· Provides continuous coaching regarding functional and leadership standards (technical skills and behaviors).
Required Education:
· Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or related field (advanced degree preferred), or equivalent experience.
· Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Governance, Risk and Compliance (CGRC) or similar certifications are highly desirable.
Required Experience:
· Minimum of 5 years of progressive experience in cybersecurity governance, risk management, and compliance roles within a corporate environment.
· Minimum of 3 years of progressive leadership experience.
· Expertise in governance, risk, and compliance management methodologies, frameworks, and best practices.
· Proficient in the development and execution of GRC strategies to address risks and ensure compliance with relevant standards.
· Ability to conduct comprehensive risk assessments and develop effective risk mitigation plans and controls.
· In-depth understanding of security frameworks and industry standards (e.g., ISO 27001, NIST Cybersecurity Framework, CIS Controls, PCI DSS).
· Ability to develop and maintain clear and concise cybersecurity policies, standards, procedures, and guidelines.
· Competent in developing and delivering cybersecurity training and awareness programs.
· Proven ability to assess and manage risks associated with third-party vendors and partners; skilled at conducting due diligence and ensuring contractual terms address potential risks.
· Ability to influence and collaborate across departments and cross-functional teams.
· Exceptional communication and interpersonal skills.
· Broad knowledge of the software development lifecycle and project management methodologies.
· Broad understanding of business practices and operations.
· Coachable, adaptable, and committed to professional development and growth.
· These minimum requirements may also include additional criteria specific to the position.