Manager Information Security GRC
Posted on Oct 6, 2021 by Request Technology - Robyn Honquest
Manager of Information Security GRC
SALARY: $140k - $150k Flex plus 15% Bonus
You will manage 4-5 people across Security, Risk and Compliance. Frameworks: ISO 27001, ITIL, 800-53, COBIT, NIST.
- Leading the Information Security Risk and Compliance team in alignment with security strategy and regulatory or legal obligations.
- Managing and executing the security risk and compliance program in collaboration with Information Security teams and stakeholders.
- Management, alignment, mapping, continuous improvement of internal security controls framework and control owner relationships.
- Integration expertise across vendor risk reviews, customer engagement surveys, control exceptions, risk assessments, audit readiness coordination, or security control requirement services.
- Acting as Subject Matter Expert to stakeholders and the team on the spirit of controls, the associated security framework or regulation, and alignment to information security.
- Ensuring hiring, training, staff development, performance management and annual performance reviews are aligned and effectively executed to continue to grow skills and capabilities in accordance with Grainger's strategic needs.
- Monitoring external developments that may impact overall risk profiles, including emerging threats, technological developments, regulatory changes, etc.
- Reporting key operational and program metrics designed to provide transparency into key attributes such as compliance readiness, security framework alignment, program maturity and operations.
Preferred Education & Experience:
- Experience in managing regulatory, legal, and/or Information Security frameworks and obligations.
- Comprehensive understanding of the spirit behind controls and their respective frameworks, regulations, or laws.
- Experience in working with control owners to establish accountability, awareness, rationale, and relevance.
- Previous Risk Management experience preferred, with an emphasis on alignment to corporate risk appetite within the Cybersecurity discipline.
- Three or more years of IT people management experience, preferably in Information Security.
- Written and verbal communication skills.
- Ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels.
- Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL and COBIT, as well as those from NIST, including 800-53 and the Cybersecurity Framework.
- Skills in financial/budget management, scheduling and resource management.