Role Summary
We are seeking a Governance, Risk, and Compliance (GRC) Manager to serve as a Senior Advisor of our cybersecurity consulting services team, dedicated to a client and required to be on-site at their location. In this role, you will be committed to protecting the client's critical assets and data. You will ensure the organization's compliance with industry and regulatory cybersecurity standards while managing information security risks and maintaining governance frameworks. Key responsibilities include supporting the client's cyber risk management strategy, including vulnerability management, and acting as the primary contact for auditors. The GRC Manager will work closely with security leadership to assess and validate the security program, with a focus on risk management and corporate resiliency.
Essential Job Duties
- Conduct enterprise-wide, ongoing risk analysis in coordination with compliance and security.
- Maintain oversight in a GRC-related platform.
- Identify and address weaknesses in the security program as they relate to privacy, cyber risk, business resiliency and compliance frameworks.
- Document, formulate and enforce areas of security improvement that balance risk with business operations and do not diminish efficiencies or innovation.
- Support oversight of third parties, vendors and business partners to safeguard against undue risk presented by external entities. Escalate to security management and business unit leads when points of weakness are discovered.
- Analyze and document findings, and recommend and report program gaps to security leadership.
- Monitor current and proposed security changes impacting regulatory, privacy and security industry best practice guidance. Apply GRC expertise across key lines of business, including products, practices and procedures.
- Define qualitative and quantitative metrics to assess the success of the security program and provide regular reports to security and business leadership.
- Ensure security and technology teams maintain up-to-date configuration documentation for systems and processes.
- Attend and fully engage in change and project management meetings.
- Liaison with auditors, both internal and external, to maintain and implement controls for compliance and privacy laws.
- Develop and implement risk mitigation strategies and controls to address identified risks and ensure compliance with security standards and regulations.
- Establish and maintain information security governance frameworks, policies, and procedures to guide the organization in managing and protecting sensitive information.
- Threat & Vulnerability Management: Perform regular threat assessments and vulnerability scans, coordinating with relevant teams to remediate risks and strengthen the organization's security posture.
- Act as a point of contact for disaster recovery and business continuity as it relates to security frameworks, compliance and privacy laws.
- Perform other duties as assigned.
Qualifications
Education and Certifications:
- Bachelor's degree in computer science, information assurance, MIS or related field, or equivalent industry experience.
- Holds or is working toward one or more of the following: CISSP, CRISC, CGEIT or GRCP.
Experience:
- At least 5+ years' experience in cybersecurity as a practitioner and with at least 2 to 3+ years exposure with various security frameworks.
- Prior experience with leading GRC systems from vendors such as RSA, MetricStream and Riskonnect.
- Demonstrated problem-solving capabilities, and ability to manage complex local and international security requirements.
- Successful track record of managing external entities' contracts and relationships, and mitigating risks to business development opportunities.
Technical Skills:
- Experience and understanding of various cybersecurity standards, including but not limited to ISO 27001 and NIST.
- Familiarity with threat and vulnerability management, including assessment and remediation practices.
- Familiarity with state, federal and international privacy laws.
Soft Skills:
- Exceptional written and verbal communication skills, and proven ability to translate security and risk to all levels of the business.
- Ability to work independently and collaboratively in a fast-paced environment.
- Attention to detail and a strong commitment to maintaining the confidentiality and integrity of information assets.
- Self-motivated, directed and well-organized, with the vision to position controls in anticipation of threats.
Physical Requirements
The physical demands and work environment characteristics here are representative of those that must be met by the employee to successfully perform the essential functions of this position. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
- This position requires the individual to be able to meet the physical demands that would require meeting with people in public and private locations, speaking in public and possible additional related demands.
- The employee must be able to sit or stand for extended periods throughout the workday.
- The employee must be able to work in various environments, including traveling for extended periods, participating in meetings, and attending events.
- The employee must be able to use a computer keyboard and mouse, as well as other office equipment.
- The employee must be able to regularly engage in verbal communication, which includes talking and listening effectively in person, over the phone, and during virtual meetings.
- The employee is frequently required to use hands to finger, handle or feel objects, tools or controls; reach with hands and arms.
- The employee should be able to lift and/or move up to 20 pounds.
- The employee is occasionally required to stand, walk, sit, climb or balance, stoop, kneel, crouch or crawl.
- Specific vision abilities required by this position include close vision, distance vision, color vision, peripheral vision and the ability to adjust focus.
- The noise level in the work environment is usually moderate.
Note: the above statements are intended to summarize the nature and level of the work and typical responsibilities and duties being performed by the incumbents of this job. They are not intended to be an exhaustive list of all responsibilities, duties and tasks required of the position.
Equal Opportunity Statement
Cyber Defense Labs is an equal opportunity employer and strives to ensure our workforce reflects the diversity of the communities we serve. All qualified applicants will receive consideration for employment without regard to disability, race, color, religion, sex, national origin, sexual orientation, gender identity, or any other characteristic protected by law.
We are committed to providing reasonable accommodations to qualified individuals with disabilities. If you need an accommodation to participate in the application process, please contact ...@cyberdefenselabs.com.
This job description is for the exempt position of GRC Manager has been approved by management.