Cybersecurity Governance, Risk and Compliance (GRC) Risk Manager - GLG New York City, New York, United States

Listing Description

We are seeking a Cybersecurity Governance, Risk and Compliance (GRC) Risk Manager to join our growing Information Security team. Reporting to the VP, Information Security, the successful candidate will be responsible for identifying, assessing, and mitigating potential cyber threats to the organization while also ensuring compliance with relevant regulations and standards. They will work to protect the organization's sensitive data and systems by implementing security measures, monitoring for potential breaches, and responding to security incidents. Finally, they will play an essential role in executing tasks that support the firm’s strategy around IT General Controls and ISO 27001.

As the role of GRC Risk Manager is to ensure compliance with regulatory standards and best practices, this role may also involve working closely with Legal and Compliance teams to ensure that the organization is adhering to all relevant laws and regulations.

Key Responsibilities:

  • Monitor the adequacy of the controls designed to mitigate the inherent risks in GLG’s Information Security control environment.

  • Work closely with auditors, examiners, and security leadership to ensure that cybersecurity and audit policies and practices are aligned with an appropriate level of risk.

  • Implement new policies and processes that align with GLG’s IT General Control (ITGC) and ISO 27001 strategy.

  • Provide guidance on key risk indicators and testing methodology, including validation and alignment with policies and documentation.

  • Encourage and enforce a strong security philosophy set forth by risk management, building uniformity across technical teams, business units and employees.

  • Build and foster strong and lasting partnerships with internal business stakeholders through proactive communication.

  • Engage with third party partners to validate adequate controls.

  • Remain up-to-date on security threats, vulnerabilities and mitigations set forth by IT and security teams to reduce the corporate attack surface.

  • Serve as a point of contact and liaison with external examiners for assessments and evaluations.

  • Draft and deliver presentations to management documenting assessment results and recommendations for corrective action.

  • Stay abreast of new laws, regulations and standards, and measure their business impact and the required mitigation steps.

Skills and Experience:


  • 8-10 years of IT or cybersecurity experience (both are a plus), with at least 5 years in an operationally focused IT or information security practitioner role.

  • Expertise in one or more compliance standards, including the Sarbanes-Oxley Act (SOX) and International Organization for Standardization (ISO) 27001.

  • Proven experience working with auditors, examiners, and security leadership to ensure that cybersecurity and audit policies and practices are aligned with an appropriate level of risk.

  • Demonstrated experience with GRC tools

  • Superior expertise writing and maintaining policies that reflect the current control environment

  • Ability to weigh and balance risk vs. business requirements

  • Strong written and verbal communication skills across all levels of the organization.

  • Superb analytical and problem-solving skills

  • Skilled at working with diverse teams and promoting enterprise-wide risk management rigor and security-first culture

  • Proven experience in project management, multitasking and organizational skills

  • Knowledgeable about national and global cybersecurity policies, regulations, privacy and security frameworks


What We Offer


The base salary range for this role is $84,800 to $180,000. This role may also be eligible for incentive compensation.

Benefits for this role include:


  • Flexible paid time off. No pre-determined limits on vacation time, plus 10 company holidays.

  • Comprehensive medical, dental and vision coverage effective on your first day of employment

  • 401(k) and Roth 401(k) plans with an employer match (subject to annual limits & vesting)

  • Access to free Learning & Development resources including LinkedIn Learning and Harvard ManageMentor

  • Tuition reimbursement program for eligible courses including language skills courses

  • Flexible / Hybrid working arrangements typically requiring 8 days per month in-office

  • Paid parental leave, adoption and surrogacy reimbursement

  • Formal nationally recognized Rewards and Recognition and service recognition programs

  • Free wellbeing support with the Calm app, Maven and EAP, and free long-term therapy & counselling assistance through Pathways.

  • Discounted pet, auto, and home insurance



GLG is committed to fair and equitable compensation practices. Actual compensation is based on several factors that are unique to each candidate, including but not limited to skill set, depth of experience, certifications, and specific work location. The range may differ in other locations due to differences in the cost of labor.

Listing Details

  • Citizenship: Not Provided
  • Incentives: Not Provided
  • Education: Not Provided
  • Travel: Not Provided
  • Telework: Not Provided
