Director, Information Security Governance, Risk and Compliance
About The Position
Oversees the processes and personnel involved in the Governance, Risk and Compliance (GRC) functions of the Information Security Department. Leads a team with a hands-on approach; ensures that risk assessments, security training and awareness, third party risk management, and other risk functions are performed in a consistent and thorough manner aligned with industry best practices and recognized security frameworks. Works with internal and external auditors to assess the maturity of the Information Security program. Furthers the maturity of the GRC program through the adoption and refinement of tools, standards, and processes in order to assist the overall Information Security Department to communicate and prioritize risk, and develop a risk-informed strategy for addressing current gaps and future threats. Salary is commensurate with experience.
Requirements
- Current Cybersecurity certification, such as, Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Security Auditor (CISA), Certified Risk and Information Systems Control (CRISC), Global Information Assurance Certification (GIAC), or equivalent information security certification.
- Master's degree in Computer Science, Information Systems or a related field and the equivalent of eight (8) years of full-time experience in information security related hardware, software and processes; or
- Bachelor's degree in Computer Science, Information Systems or a related field and the equivalent of ten (10) years of full-time experience in information security related hardware, software, and processes; or
- Associate's degree in Computer Science, Information Systems or a related field and the equivalent of twelve (12) years of full-time experience in information security related hardware, software, and processes; or
- High School Diploma or High School Equivalency Diploma and the equivalent of fourteen (14) years of full-time experience in information security related hardware, software and processes.
- NOTE: Required degrees must have been granted by an accredited school, college or university or one recognized by Roswell Park Comprehensive Cancer Center as following acceptable educational practices.
Responsibilities
- Oversees the processes and personnel involved in the Governance, Risk and Compliance (GRC) functions of the Information Security Department.
- Leads a team with a hands-on approach
- Ensures that risk assessments, security training and awareness, third party risk management, and other risk functions are performed in a consistent and thorough manner aligned with industry best practices and recognized security frameworks.
- Works with internal and external auditors to assess the maturity of the Information Security program.
- Furthers the maturity of the GRC program through the adoption and refinement of tools, standards, and processes in order to assist the overall Information Security Department to communicate and prioritize risk, and develop a risk-informed strategy for addressing current gaps and future threats.
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Director
Number of Employees
1,001-5,000 employees
