Cybersecurity Governance, Risk and Compliance Manager

About The Position

Requirements

• Bachelors’ degree in Information Management, Information Security, Computer Engineering, Computer Science, or other closely related disciplines. Equivalent experience may be considered in lieu of a formal degree
• Minimum of seven (7) years of experience in cybersecurity related functions, risk management, audit, risk assurance, compliance, or similar area
• Minimum of four (4) years of progressive experience leading and managing a team building custom technical solutions and implementing third-party products is required
• Extensive cybersecurity governance, risk management, and compliance leadership experience in a large complex business organization
• Detailed working knowledge and prior experience in building and maintaining risk management framework, risk management processes, and associated reporting models
• Experience developing and implementing third-party risk management frameworks and processes
• Experience and familiarity with cloud data security and working with public cloud solutions
• Experience working with a Governance Risk and Compliance tool
• Experience identifying, evaluating, and managing risk in a complex and changing global environment
• Experience developing or leading impactful cybersecurity awareness materials and campaigns at a global level
• Prior experience developing security standards and policies and discerning and designing an organization’s protection needs (i.e. security controls) for information systems and networks
• Experience with asset management
• Demonstrated ability to prioritize and execute tasks in a high-pressure environment
• Requires self-motivated approach to work with keen attention to detail
• A proactive goal achiever who innovates to go above and beyond expectations to get the job done and is comfortable working in a fast-paced, dynamic environment
• At least one of the following certifications is required or must be obtained within your first 12 months of employment: CISA, CISM, CRISC, or CISSP
• Deep understanding of risk-based decision-making (i.e. risk analysis, mitigation, resolution, acceptance, etc.)
• Experience with technical documentation related to PCI DSS, ISO 27001, NIST, SOC 2 and continuous monitoring
• Demonstrate strong verbal and written communication skills as well as strong analytical and problem-solving abilities
• Strong process design, time management and organizational skills
• Strong work ethic, leadership skills, initiative, and ownership of work
• Proven ability to build consensus and support across the organization
• Proven ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means

Nice To Haves

• Deep understanding of cybersecurity and the relationship between threat, vulnerability, and information value in the context of governance, compliance, and risk management preferred.
• Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security tools and procedures preferred.
• An understanding of emerging technology and digital trends and their impacts on cybersecurity preferred.
• High proficiency with common cybersecurity management frameworks, regulatory requirements, and industry leading practices
• Strong knowledge of third-party management leading practices and the potential cybersecurity risks involved in third-party relationships
• Strong knowledge of organizational training and education policies, processes, and procedures

Responsibilities

• Drive compliance leadership and engagement with the stakeholder operations teams to ensure the timely identification of cyber risk across markets as well as compliance with all appropriate regulatory requirements and internal cybersecurity policies and standards
• Develop and implement a cybersecurity risk assessment framework/methodology, standards, guidelines, and procedures with KPIs and coordinate the assessment across all business verticals
• Develop and oversee the adoption of a global cybersecurity policies and standards framework. In addition, ensure these global policies and standards (and any exceptions to them) are maintained current and relevant, and appropriately managed over their lifecycle
• Collaborate with Legal and Corporate Data Protection functions in the interpretation of regulatory requirements and compliance expectations, and ensure cybersecurity and regulatory requirements are properly addressed in third party contracts
• Lead the development of a high-value asset framework, information management controls to drive the proper application of security controls in a manner that is commensurate with the associated risks
• Lead the development of and oversee a global cybersecurity training, education, and awareness program
• Lead a strong team of professionals assigned to major initiatives ensuring dependable and responsive support to the organization
• Maintaining up-to-date, detailed knowledge of the IT security industry including awareness of new or improved security solutions and policies, processes, and procedures. Share and educate colleagues to mature the organization
• Develop and manage compliance metrics within the governance risk and compliance system, and report on the effectiveness of governance and compliance activities by collecting and aggregated key risk and compliance metrics
• Responsible for hiring, training, performance management, and corrective actions for direct reports. Collaborate with team members on career development and goal setting