Cybersecurity Governance, Risk, and Compliance Lead

About The Position

Requirements

• Bachelor’s degree in Cybersecurity, Computer Science, Engineering, or related field
• Minimum of four (4) or more years of experience in cybersecurity
• Familiarity with cybersecurity frameworks, standards, and regulations.
• Legal authorization to work in the United States

Nice To Haves

• J.D. or LL.M. credential
• Minimum of eight (8) or more years of relevant industry experience, including cybersecurity legal experience and experience in cybersecurity GRC roles
• Strong understanding of cybersecurity principles and best practices, including knowledge of relevant industry specifications, standards, and frameworks such as IEC, ISO, NIST, and GDPR
• Experience in threat modeling, risk assessment, and vulnerability testing
• Experience in developing and conducting cybersecurity training programs and strong communication skills for effective policy development and stakeholder engagement
• Experience with embedded design engineering or working with embedded engineering teams
• Understanding of network infrastructure design and deployment
• Desirable security certifications: CISM, CISSP, CISA, CRISC

Responsibilities

• Governance and Policy Development : Developing and maintaining cybersecurity policies, procedures, and standards. Ensuring alignment with industry best practices and regulatory requirements.
• Risk Management : Identifying, evaluating, and prioritizing risks associated with product development and deployment. Developing strategies to mitigate these risks.
• Compliance Assurance : Ensuring that products and processes comply with relevant cybersecurity regulations and standards such as IEC, ISO, NIST, and GDPR. Conducting regular compliance audits and assessments.
• Cross-functional Collaboration : Working closely with product engineers, legal, and other departments to integrate GRC best practices into product development and company processes.
• Customer Security Assurance : Manage customer security questionnaires and audits to ensure accurate representation of the organization’s cybersecurity posture and compliance with industry standards.
• Training and Awareness : Developing and conducting cybersecurity training and awareness programs for employees.
• Incident Response and Reporting : Assisting in the development and maintenance of incident response plans. Ensuring timely reporting and compliance with legal and regulatory requirements in the event of a security breach.
• Contract Negotiation : Assist in negotiation of security or privacy contract terms
• Vendor and Third-party Risk Management : Assessing and managing the cybersecurity risks associated with third-party vendors and partners.

Benefits

• We prioritize providing flexible, competitive benefits plans to meet you and your family’s physical, mental, financial, and social needs.
• We provide a variety of medical insurance plans, with dental and vision coverage, Employee Assistance Program, 401(k), tuition reimbursement, employee resource groups, recognition, and much more.
• Our culture offers flexible time off plans, including paid parental leave (maternal and paternal), vacation and holiday leave.