Lead Manager, Security Governance, Risk & Compliance
Location: Continental U.S.
Employment type: Full-Time
Level: Manager
Salary: 76,300 - 92,000 USD per year
Job Details
- Experience
- 5+ years of total experience with 2+ years of hands-on experience
- Required Skills
- Microsoft Excel, Microsoft Office Suite, PowerPoint, Risk Management
Requirements
- Bachelor’s degree in Computer Science or related technology field or equivalent experience required.
- 5+ years of total experience
- 2+ years of hands-on experience designing, building, and supporting enterprise GRC and TPRM solutions.
- Understanding of GRC concepts and frameworks (e.g., ISO 27001, NIST Cybersecurity Framework (CSF), SOC, GDPR)
- Experience: IT Compliance
- Experience: IT Audit
- Experience: IT Security
- Experience: Cloud Security
- Experience: PCI
- Experience: HITRUST
- Experience: HIPAA
- Experience: GRC
- Experience: Risk management
- Experience: Risk analysis
- Proficiency in Microsoft Office Suite (Word, Excel, PowerPoint).
- Relevant and Current Certifications Preferred: e.g., Certified in Governance, Risk and Compliance (CGRC), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), GRC Professional (GRCP), etc.
- Knowledge and experience with OneTrust Tools is preferred.
Responsibilities
- Assist in the development, implementation, and maintenance of GRC frameworks and managing third-party risk.
- Contribute to the assessment and mitigation of organizational risks.
- Maintain internal policies, standards and security baselines oriented toward compliance and regulatory requirements, as well as enforcement of secure practices.
- Manage risk acceptance and policy exception processes, ingesting risks and creating tracking, reporting and accountability mechanisms.
- Participate in audits of security controls and processes.
- Assist with the creation and maintenance of documentation related to GRC activities, TPRM, Business Continuity Planning (BCP), Business Impact Analysis (BIA) and Disaster Recovery.
- Assist in the identification of control gaps.
- Contribute to the development of remediation plans.
- Conduct due diligence on potential third-party vendors to evaluate their security posture, financial stability, and compliance with relevant regulations.
- Assist in monitoring compliance activities.
- Collaborate with various departments to integrate TPRM into vendor management processes.
- Perform vendor and product risk assessments, to align vendors and products with applicable standards, policies and security baselines.
- Create and maintain vendor questionnaires and Data Protection Agreements (DPA).
- Assist Legal with vendor reviews and responses.
- Conduct audits of third-party security controls, processes and vendor performance compliance, and address any risks that arise.
- Aid in the development of risk training and awareness programs.
- Maintain GRC monitoring applications.
- Perform other related job duties, as assigned.