This Job Vacancy has Expired!

Manager Information Security GRC

Request Technology - Robyn Honquest

Posted on Sep 30, 2021 by Request Technology - Robyn Honquest

Lake Forest, IL 60045
Immediate Start
$140k - $150k Annual


Manager of Information Security GRC

SALARY: $140k - $150k Flex plus 15% Bonus

You will manage 4-5 people over all Security, Risk and Compliance. Frameworks: ISO 27001, ITIL, 800-53, COBIT, NIST.


  • Leading the Information Security Risk and Compliance team in alignment with security strategy and regulatory or legal obligations.
  • Managing and executing the security risk and compliance program in collaboration with Information Security teams and stakeholders.
  • Management, alignment, mapping, and continuous improvement of the internal security controls framework and control owner relationships.
  • Integration expertise in vendor risk reviews, customer engagement surveys, control exceptions, risk assessments, audit readiness coordination, or security control requirement services.
  • Subject Matter Expert to stakeholders and team in relation to the spirit of controls, associated security framework or regulation, and alignment to information security.
  • Ensuring hiring, training, staff development, performance management and annual performance reviews are aligned and effectively executed to continue to grow skills and capabilities in accordance with Grainger's strategic needs.
  • Monitoring external developments that may impact overall risk profiles, including emerging threats, technological developments, regulatory changes, etc.
  • Reporting key operational and program metrics designed to provide transparency into key attributes such as compliance readiness, security framework alignment, program maturity and operations.

Preferred Education & Experience:

  • Experience in managing regulatory, legal, and/or Information Security frameworks and obligations.
  • Comprehensive understanding of the spirit behind controls and their respective frameworks, regulations, or laws.
  • Experience in working with control owners to establish accountability, awareness, rationale, and relevance.
  • Previous Risk Management experience preferred, with an emphasis on alignment to corporate risk appetite within the Cybersecurity discipline.
  • Three or more years of IT people management experience, preferably in Information Security.
  • Written and verbal communication skills.
  • Ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels.
  • Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, and COBIT, as well as those from NIST, including 800-53 and the Cybersecurity Framework.
  • Skills in financial/budget management, scheduling and resource management.

Reference: 1339867755
