LogicMonitor, posted about 1 year ago
Full-time • Manager
Austin, TX
Professional, Scientific, and Technical Services

The Manager, GRC Security position at LogicMonitor is a leadership role focused on maturing the Governance, Risk, and Compliance (GRC) strategy of the company. This role involves managing a team of GRC professionals, collaborating with various stakeholders, and overseeing compliance and risk management initiatives. The position aims to enhance the overall GRC program by integrating it with the company's business strategy and regulatory requirements while leveraging automation technologies to improve efficiency.

  • Mature the overall GRC strategy for the company, collaborating closely with other security team leaders, including LogicMonitor's CISO.
  • Manage a team of security GRC professionals to advance the overall program.
  • Collaborate with LogicMonitor's Legal and Privacy team on common areas such as security controls for fulfilling privacy requirements.
  • Program manage all GRC initiatives to achieve successful, timely completion, while working closely with stakeholders outside of the Information Security Team.
  • Evolve LogicMonitor's multi-year GRC strategy to embrace the company business strategy, market requirements, regulatory trends, industry trends, and the changing threat landscape.
  • Seek out and lead the operationalization of automation technologies to improve efficiency and program velocity, collaborating with other teams company-wide as appropriate.
  • Develop and operationalize metrics that quantify the effectiveness of the GRC program.
  • Oversee the team's progress on fulfilling technical and non-technical FedRAMP security controls.
  • Oversee the completion of annual external audits and certification efforts, including SOC2 Type 2, ISO 27001/17/18, FedRAMP, Australian IRAP controls, and company investor compliance requirements.
  • Oversee the operationalization of an effective and comprehensive internal audit function to ensure satisfactory annual external audit results.
  • Collaborate with other teams to collect security artifacts, manage deviations and exceptions, and improve processes to ensure an effective compliance program.
  • Manage the team to ensure that any non-conformity findings are addressed and corrected in a timely manner, including documentation and technical tasks.
  • Oversee the execution and continuous improvement of the cybersecurity risk management framework, processes, procedures, and activities.
  • Oversee the benchmarking of risk management processes and dashboards with peer companies.
  • Help socialize the risk management program and processes to key company stakeholders.
  • Work with senior leaders to establish and improve integration of risk management processes into strategic planning processes.
  • Cultivate strong working relationships with risk owners to ensure proper risk management program buy-in and accountability.
  • Monitor the completeness of company initiatives and their impact on related cybersecurity risks.
  • Collaborate with other security team leaders on advancing the company's third-party risk management program.
  • Oversee IT system security consultation within cloud-based and on-premises environments in accordance with NIST SP 800-53, 800-37, ISO, and PCI.
  • Support the team's development of System Security Plans, Continuous Monitoring, Plan of Action and Milestones, Security Controls Assessment, Risk Exposure and FIPS 199 categorization in accordance with NIST requirements.
  • Support the CISO and the Infosec Program through proposed improvements around policy creation and content, maintenance, exception handling, enforcement, and metrics analysis.

  • 7+ years of experience in relevant GRC functions related to risk management, preferably with cloud SaaS providers.
  • 5+ years of experience in cybersecurity, particularly in a SaaS or cloud environment.
  • 3+ years of experience leading a GRC team and managing people, including program planning, yearly performance reviews, coaching, career planning, and conflict resolution.
  • Strong background in compliance and certification efforts for SOC2, ISO 27000 series, and NIST 800-53.
  • Excellent interpersonal and communication skills with the ability to establish strong working relationships with both technical and non-technical staff.
  • Demonstrated history of leading multi-year programs to increased levels of maturity and success.
  • Demonstrated problem-solving capabilities, and the ability to manage complex and evolving security requirements.
  • Familiarity with industry-leading GRC tools and how to effectively leverage them to drive the overall program.

  • Hybrid work environment
  • Employee recognition programs
  • Career development opportunities
  • Diversity and inclusion initiatives
  • Health and wellness programs