GRC Risk Manager

About The Position

Requirements

• A minimum of 7 years of experience in information security risk management, including business impact analysis, risk assessment and treatment, risk metrics and trend analysis.
• Possess a bachelor’s degree or higher in the field of information security, engineering, computer science or equivalent advance technology field of study.
• Strong knowledge of security and data privacy standards and regulations such as ISO 27k, NIST, CIS, GDPR, CCPA, PCI DSS.
• Team management experience, including setting and aligning team and individual goals, providing clear and timely feedback, and fostering collaboration.
• Experience developing and deploying risk management frameworks and programs, preferably with international experience in an e-commerce or technology related industry.
• Strong analytical and problem-solving skills.
• Strong written and verbal communication skills, with the ability to translate complex and technical issues to all levels of personnel.
• Detail oriented and highly organized, with the ability to thrive in a fast-paced environment and prioritize accordingly.
• High level of personal integrity, with the ability to professionally handle confidential matters and exudes the appropriate level of judgment and maturity.

Nice To Haves

• Relevant security certifications, such as CISSP, CISM, CISA, ISO 27001 Lead Auditor are highly desired.
• Experience with deploying GRC tools is desirable.
• Practical knowledge and experience working with threat modeling frameworks such as STRIDE, MITRE ATT&CK, OCTAVE is desirable.

Responsibilities

• Develop, implement, mature, and champion risk management processes and concepts.
• Deploy the risk management framework, processes, and tools to conduct risk assessments effectively and consistently.
• Manage the risk register and define and report key risk metrics to management on a regular basis.
• Conduct risk assessments of business units, critical processes and information assets.
• Conduct third-party risk assessments and security reviews of third-party agreements.
• Work closely with technology and legal partners and business units to ensure appropriate security and data protection requirements are incorporated into third-party engagements.
• Prepare risk assessment reports to inform risk treatment decisions.
• Track and monitor remediation and risk management activities.
• Maintain a current and comprehensive understanding of relevant industry standards to incorporate into the risk management strategy, framework, and program.
• Support integration and maturation of policy, compliance, and risk frameworks.

Benefits

• Bonus and RSU eligible
• Healthcare (medical, dental, vision, prescription drugs)
• Health Savings Account with Employer Funding
• Flexible Spending Accounts (Healthcare and Dependent care)
• Company-Paid Basic Life/AD&D insurance
• Company-Paid Short-Term and Long-Term Disability
• Voluntary Benefit Offerings (Voluntary Life/AD&D, Hospital Indemnity, Critical Illness, and Accident)
• Employee Assistance Program
• Business Travel Accident Insurance
• 401(k) Savings Plan with discretionary company match and access to a financial advisor
• Vacation, paid holidays, floating holiday and sick days
• Employee discounts
• Free weekly catered lunch
• Dog-friendly office (available at select locations)
• Free gym access (available at select locations)
• Free swag giveaways
• Annual Holiday Party
• Invitations to pop-ups and other company events
• Complimentary daily office snacks and beverages