This Job Vacancy has Expired!

GRC Manager

Posted on Jun 2, 2022 by Request Technology

Dallas, TX 75201
IT
Immediate Start
$145k - $165k Annual
Full-Time

*We are unable to sponsor as this is a permanent full-time role*

A prestigious company is searching for a Manager of Information Security Governance & Compliance. This manager will manage 6-8 people and will drive the GRC risk-based compliance testing. They will work with internal controls, application controls, infrastructure systems, and information technology processes.

Responsibilities
Lead development, implementation, and maintenance of information security governance items such as policies, standards, and controls
Mature and maintain the policy life cycle management process, ensuring security policies are reviewed and updated on a regular basis and any exceptions are processed and monitored
Maintain the control inventory, establishing control ownership and control mappings to security compliance frameworks such as NIST CSF/800-53, ISO 27001/2, etc.
Stay up to date with compliance, regulatory, and industry best practices applicable to the Company and escalate findings appropriately
Provide cybersecurity governance guidance for all projects within the organization that have technology significance, including the evaluation and recommendation of security controls
Work closely with the Information Security Risk Management team to design, document, and test controls aligned to mitigate IT risks within the IT organization
Conduct regular risk-based compliance testing of information security controls, reporting issues and monitoring remediation efforts
Collaborate with control owners to validate the effectiveness of security controls and their procedures, and to ensure testability
Oversee and drive the Issues Management processes to address issues identified in security assessments, key application reviews, access control reviews, internal or external audits and/or other assessments
Conduct the annual NIST Cyber Security Framework (CSF) self-assessment and present findings and accomplishments
Collaborate with the IT/cybersecurity team members, application owners, control owners, and stakeholders to achieve buy-in and successful results for the program

Qualifications
Bachelor's degree in computer science, information security, information technology, or related field of study; or equivalent professional work experience
10+ years of experience in cybersecurity, IT auditing, risk management, governance, and/or compliance management
3+ years managing high-performing information security teams
Professional governance, risk, or compliance certification such as CISA, CRISC, CGEIT, etc.
Demonstrable experience in writing, editing, and revising governance items such as policies, standards, or controls in support of organizational cyber security activities
Expert-level experience in executing compliance control testing programs and processes
Experience implementing a variety of information security frameworks & controls across a large organization
Strong working experience with the NIST Cybersecurity Framework, ISO 27001 & 27002, Cloud Security Alliance (CSA), OWASP, or CIS Benchmark
Experience implementing or enhancing GRC/Integrated Risk Management (IRM) platforms (experience with ServiceNow GRC/IRM a plus)
Experience in establishing and reporting measures/metrics (KRIs and KPIs) to demonstrate program performance and security posture
Strong knowledge of cybersecurity governance, regulations, and security frameworks
Demonstrated understanding of a wide range of compliance and technology frameworks (NIST Cybersecurity Framework (CSF) and 800-53, ISO 27001 & 27002, Cloud Security Alliance (CSA), OWASP, CIS Benchmark, etc.)
Skill in leading the process of Issues Management and associated remediation efforts
NIST CSF Self-Assessment
Exceptional consultative and interpersonal skills that result in business relationships of impeccable trust, confidence, and results at all levels within the organization
Skilled at managing high-performing teams of GRC analysts
Skill in developing and maintaining metrics, KRAs, and KPIs relevant to the governance and compliance disciplines
Implementing and using GRC/IRM tools to manage GRC processes (experience with ServiceNow GRC/IRM a plus)

Reference: 1616195683
