GRC Team Leader

Be among the first applicants.
CONNECT Professional Services
Saudi Arabia
SAR 150,000 - 200,000
6 days ago
Job Description:

Responsible for overseeing the execution of the GRC program in collaboration with the executive team as well as maintaining the organization's library of security controls.

Deliver security GRC management and processes that align with the security strategy.

Create, implement, and monitor information security policies, processes, exception handling, and the assessment of change management requests; automate and continuously monitor information security controls, risks, testing, and incidents.

Implement and monitor cybersecurity measures that are in line with the GRC program and business objectives.

Define the organization's information security policy and design risk and vulnerability assessments.

Monitor the organization's compliance with all applicable regulations and standards, identify any compliance gaps, and work to close them.

Carry out the risk management program for the organization and serve as a resource for risk management across various departments, including identifying, mitigating, and monitoring risks.

Implement security controls within the IT system in coordination with the cybersecurity analyst(s).

Develop goals for data privacy based on legal regulations and other compliance needs, design and implement privacy policies and practices, and assess these practices for effectiveness.

Develop and maintain a risk register and risk management framework.

Perform end-to-end IT solutioning/workflow risk assessment to identify potential risks and propose mitigation solutions.

Schedule regular assessments and testing of the effectiveness and efficiency of controls and create security metrics and dashboards.

Ensure that requirements in PCI Standards, IT Audit, Security Standards, Policy, Compliance, and Risk controls are met.

Update security controls and provide support to all stakeholders on security controls covering internal assessments, laws, and regulations.

Perform and investigate internal and external information security risk and exception assessments.

Maintain deep knowledge of the risk mitigation principles and techniques in international risk and security standards, and manage compliance with standards and regulations including ISO 27001, ISO 27005, NIST, PCI DSS, and other frameworks.

Remain current on best practices and technological advancements and act as the corporate technical resource for security assessment and regulatory compliance.

Support the management of information security governance for the organization, ensuring adherence to policies and standards.

Coordinate periodic security assessments and prioritize and manage response activities.

Assist with the client management aspects of the Information Security team, including responding to client and prospective client security questionnaires; help design a more effective process, including a self-service option and a library of standard responses.

Develop relevant metrics, analyze data, identify trends, and help drive improvements to the control environment.

Perform other related duties as assigned.

Job Requirements:

  1. Bachelor's degree in Engineering, Computer Science, or equivalent.
  2. 8+ years in cybersecurity; relevant IT certification is a plus.
  3. Experience implementing security policies and procedures within a multinational organization is a MUST.
  4. Very good communication skills.
  5. Certifications: ITIL, PMP, CISSP, or CISM (preferred).
  6. Proven leadership in managing large-scale cybersecurity operations.
  7. Strong stakeholder management and strategic planning skills.
  8. Experience leading an ISMS as part of an ISO 27001 certified program.
  9. Experience leading a PCI DSS compliance and certification program.
  10. Recent experience working in a similar capacity in a financial services organization.
  11. Excellent interpersonal skills, comfortable working at all levels within an organization and in a wide variety of situations.
  12. The ability to work across multiple frameworks and regulatory standards including, but not limited to: NIST, PCI, ISO, and GDPR.
  13. Experience with information security frameworks and standards as well as risk management processes is a must.
  14. Experienced with performing information security audit processes or risk assessments.
  15. Expertise with security policy development, deployment, and adoption acceleration.