
Manager of Information Security Governance and Compliance

Request Technology - Craig Johnson

Posted on May 24, 2022 by Request Technology - Craig Johnson

Florida, FL
Immediate Start
$140k - $160k Annual

*We are unable to sponsor for this permanent Full time role*

*Position is bonus eligible*

Prestigious Enterprise Company is currently seeking a Manager of Information Security Governance and Compliance. Candidate will be responsible for driving governance and compliance as part of the Information Security program. Candidate will oversee the development and life cycle management of governance items such as policies, standards, controls, and compliance frameworks, as well as conduct and oversee risk-based compliance testing of internal controls, application controls, infrastructure systems, and information technology processes.


  • Governance
    • Lead development, implementation, and maintenance of information security governance items such as policies, standards, and controls
    • Mature and maintain the policy life cycle management process, ensuring security policies are reviewed and updated on a regular basis and any exceptions are processed and monitored
    • Maintain the control inventory, establishing control ownership and control mappings to security compliance frameworks such as NIST CSF/800-53, ISO 27001/2, etc.
    • Stay updated with compliance, regulatory, and industry best practices applicable to Southern Glazers and escalate findings appropriately
    • Provide cybersecurity governance guidance for all projects within the organization that have technology significance, including the evaluation and recommendation of security controls
    • Work closely with the Information Security Risk Management team to design, document, and test controls aligned to mitigate IT risks within the IT organization
  • Compliance
    • Conduct regular risk-based compliance testing of information security controls, reporting issues and monitoring remediation efforts
    • Collaborate with control owners to validate effectiveness of security controls, their procedures, and ensure testability
    • Oversee and drive the Issues Management processes to address issues identified in security assessments, key application reviews, access control reviews, internal or external audits and/or other assessments
    • Conduct the annual NIST Cyber Security Framework (CSF) self-assessment and present findings and accomplishments
    • Act as liaison with internal and external auditors, facilitating meetings, walkthroughs, and discussion of remediation activities for identified deficiencies
  • Supporting Technology
    • Lead the implementation and maturity of the governance and compliance management program within the ServiceNow GRC (governance, risk, and compliance) solution
  • Leadership/Other
    • Ensure that employees/consultants/contractors are working effectively and delivering on assigned activities
    • Track resource performance and provide coaching (where appropriate) to improve delivery
    • Play an active role in counseling and mentoring junior cybersecurity team members
    • Develop and mature the various governance and compliance processes and functions, provide short and long-term roadmaps for increasing capabilities, and develop associated resource plans to properly staff for these enhancements
    • Collaborate with the IT/cybersecurity team members, application owners, control owners, and stakeholders to achieve buy-in and successful results for the program
    • Create and maintain relationships with key business, legal, internal audit, technical stakeholders, and others throughout the company to provide expertise in security governance and compliance
    • Act as a consultant to the information security and information technology departments, providing guidance and helping to mature the overall security posture of the organization
    • Identify and create metrics and dashboards to quantify and measure the impact of information security governance and compliance processes
    • Develop and execute effective presentations at all levels within the organization


  • Bachelor's degree in computer science, information security, information technology, or related field of study; or equivalent professional work experience
  • 10+ years of experience in cybersecurity, IT auditing, risk management, governance, and/or compliance management
  • 3+ years managing high-performing information security teams
  • Professional governance, risk, or compliance certification such as CISA, CRISC, CGEIT, etc.
  • Demonstrable experience in writing, editing, and revising governance items such as policies, standards, or controls in support of organizational cyber security activities
  • Ability to understand laws and regulatory requirements and how they relate to risk, security, and compliance
  • Expert-level experience in executing compliance control testing programs and processes
  • Experience implementing a variety of information security frameworks & controls across a large organization
  • Strong working experience with the NIST Cybersecurity Framework, ISO 27001 & 27002, Cloud Security Alliance (CSA), OWASP, or CIS Benchmark
  • Experience implementing or enhancing GRC/Integrated Risk Management (IRM) platforms (experience with ServiceNow GRC/IRM a plus)
  • Knowledge of risk management processes, techniques, and tools
  • Demonstrated effective leadership experience, with the ability to manage projects and employees at remote locations
  • Familiarity with network technologies and protocols (Switches, Routers, Firewalls, VPNs, remote connection technologies, and multiple domain environments)
  • Solid grounding in hybrid IT systems, network security, application security, identity & access management, vulnerability management, endpoint security, and cloud environments (AWS, Azure, Salesforce, etc.)
  • Experience in establishing and reporting measures/metrics (KRIs and KPIs) to demonstrate program performance and security posture

Preferred Qualifications:

  • Master's degree in a related field preferred
  • Professional information security certification such as CISSP, CISM, ISO Lead Auditor, etc.
  • Experience in food, beverage, CPG, or distribution industries a plus. Experience in other regulated industries is also welcome
  • Big 4 accounting firm experience a plus


  • Implementing and using GRC/IRM tools to manage GRC processes (experience with ServiceNow GRC/IRM a plus)
  • Knowledge of cloud security concepts and best practices
  • Skilled in the understanding of IT systems and supporting technologies

Reference: 1605508932
