GRC Risk Principal

About The Position

Requirements

• Minimum of 6 years of security experience, with a combined background of technology and compliance, preferred.
• Minimum of 3 years in GRC leadership positions, with experience managing any Security Governance, Risks, and Compliance functions or Internal Audit function.
• Extensive experience in risk management, vendor and client security management.
• Familiarity with cyber security and risk management frameworks, with experience in implementing and applying frameworks into actionable tasks.
• Extensive experience with cloud and AI risk management.
• Experience managing, and working with, global teams.
• Experience in mergers, acquisitions, and divestitures.
• Experienced in management and operations, with a proven record of streamlining processes to boost agility, efficiency, and growth while ensuring security.
• Excellent communication and presentation abilities, enabling clear explanation of complex risk matters to executive management, as well as effective interaction with technology, development, and business partners.
• Demonstrated expertise in relationship management, team development, and facilitation.
• Experience in a complex matrix organization supporting both operational and transformational initiatives for business units, while focusing on Security & Trust goals.
• Demonstrated capability for strategic thinking, combined with a strong sense of urgency and meticulous attention to detail.
• Strong team player that collaborates well with others to solve problems and actively incorporates input from various sources.
• Independent and creative thinker with the willingness to "step outside the box" and take reasonable, calculated risks.
• CISSP and CISM certifications and/or advanced degree.
• A high school diploma or equivalent is required; a college or university degree is a plus.

Responsibilities

• Work with the team and other leaders to refine and manage enterprise-wide security governance and risk management programs and ensure Security and Trust practices align with business objectives, vision, and evolving risks and compliance challenges.
• Design and drive the integrated risk management strategy, framework, tools, and processes.
• Take responsibility as a leader for delivering outcomes and change in the business. This requires the ability to influence and communicate as much as being a subject matter expert.
• Oversee, manage, and communicate risks.
• Govern, optimize, and monitor policies and policy performance.
• Strengthen cross-functional security governance model and effectively run various governance committees to ensure stakeholders align on the risk acceptance level, and priorities to manage risks.
• Work collaboratively with stakeholders like procurement, legal, IT and others to enhance the third-party risk management program and ensure security risks are addressed from evaluation of the vendors/suppliers and contracts negotiation to ongoing assessment of vendors/suppliers' security posture.
• Set the direction and mature the security awareness and training program. Establish an ongoing awareness and training program to strengthen security culture.
• Enhance GRC dashboard and reporting. Continuously analyze risk control effectiveness of the organization, overall security resilience, risk posture improvement, and maturity growth.
• Work closely with business unit leaders and external entities as needed to support Enterprise Risk Management.

Benefits

• Comprehensive medical, dental, and vision insurance.
• 401(k) with employer matching.
• Generous paid time off and holidays.
• Flexible spending accounts and health savings accounts.
• Employee assistance programs.
• Training and development opportunities.
• Adoption assistance program.