Listing Description
The Governance, Risk and Compliance Manager is responsible for assessing and documenting the organization’s compliance and risk posture to ensure that the confidentiality, integrity and availability of its network and computer infrastructure (and the information assets therein) are protected at all times.
Essential Functions
- Operate with independence and objectivity in matters relating to the investigation, impact, and analysis of security incidents, decisions regarding risk, and measures for computer and network security.
- Internally assess, evaluate and make recommendations to GRC senior management regarding adequacy of security controls for the organization’s information and technology systems.
- Analyze results from vulnerability risk assessments and penetration testing engagements. Assess the likelihood and impact of exploitation of issues identified in these assessments, identify compensating controls that mitigate risk, and recommend priorities for remediation.
- Review and update the organization’s information security policies and standards to ensure continued effectiveness and compliance with applicable Federal, State, and local laws. Monitor organizational compliance with the policies and standards and address deviations in a prompt and professional manner.
- Work with Internal Audit and outside consultants as appropriate on security assessments that include SOC 1 Type 2, SOX, FINRA, SEC-related and internal audits.
- Supervise a team of 2 Information Security Compliance Analysts. Oversee their performance of control activities that assess whether IT operations are within accepted risk levels. Promptly escalate issues for resolution when risk limits are exceeded. Provide performance feedback to guide the team in continuous improvement and professional growth.
- Perform incident response on security events affecting the organization. Support Legal and HR with regards to eDiscovery matters.
- Ensure that daily, weekly, and monthly statistics and status reports are completed with analysis that drives understanding of root cause factors impacting risk levels for the organization.
Job Requirements
- Bachelor's degree in Business, Computer Technology or Information Security required.
- Minimum 5 years proven and progressive experience within the field of information security. Industry experience in financial services is a plus.
- One or more security certifications such as CISSP, CISM, CISA or GIAC (GSEC, GPEN, GCIA, GCFA, etc.) preferred.
- Hands-on knowledge of Microsoft Azure, O365, Tenable Nessus and modern authentication methods (OAuth 2.0, OpenID Connect, SAML 2.0) is preferred.
- Strong problem-solving and communication skills, both verbal and written.
- Solid analytical skills in evaluating technical risks within the organization’s infrastructure, applications and network.
- Excellent PC skills, including Microsoft Office Suite.
- Ability to work concurrently on multiple activities through effective planning and time management.
The above statements are intended to describe the general nature and level of work being performed by individuals in, or assigned to, the above position and are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required, and may be changed at the discretion of the Company.
Listing Details
- Salary: $106,000 - $150,000
- Citizenship: US Citizen
- Incentives: Bonus
- Education: Bachelor's Degree
- Travel: No Travel
- Telework: No Telecommute