Manager, GRC Security

Logicmonitor-posted about 1 year ago
$136,500 - $160,650/Yr
Full-time • Senior
Boston, MA
Professional, Scientific, and Technical Services
Resume
Match Score
Upload and Match ResumeTrack Jobs with Teal

The Information Security role at LogicMonitor focuses on maturing the Governance, Risk, and Compliance (GRC) strategy of the company. This position involves managing a team of security GRC professionals, collaborating with various stakeholders, and overseeing compliance and risk management initiatives. The role is pivotal in ensuring the organization meets regulatory requirements and maintains high standards of security and compliance, particularly in a cloud-based environment.

  • Mature the overall GRC strategy for the company, collaborating closely with other security team leaders, including LogicMonitor's CISO.
  • Manage a team of security GRC professionals to advance the overall program.
  • Collaborate with LogicMonitor's Legal and Privacy team on common areas such as security controls for fulfilling privacy requirements.
  • Program manage all GRC initiatives to achieve successful, timely completion, while working closely with stakeholders outside of the Information Security Team.
  • Evolve LogicMonitor's multi-year GRC strategy to embrace the company business strategy, market requirements, regulatory trends, industry trends, and the changing threat landscape.
  • Seek out and lead the operationalization of automation technologies to improve efficiencies and the program velocity, collaborating with other teams company-wide as appropriate.
  • Develop and operationalize metrics that quantify the effectiveness of the GRC program.
  • Oversee the team's progress on fulfilling technical and non-technical FedRAMP security controls.
  • Oversee the completion of annual external audits and certification efforts, including SOC2 Type 2, ISO 27001/17/18, FedRAMP, Australian IRAP controls, and company investor compliance requirements.
  • Oversee the operationalization of an effective and comprehensive internal audit function to ensure satisfactory annual external audit results.
  • Collaborate with other teams to collect security artifacts, manage deviations and exceptions, and improve processes to ensure an effective compliance program.
  • Manage the team to ensure timely addressing of any non-conformity findings and corrections, including documentation and technical tasks.
  • Oversee the execution and continuous improvement of cybersecurity risk management framework, processes, procedures, and activities.
  • Oversee the benchmarking of risk management processes and dashboards with peer companies.
  • Help socialize the risk management program and processes to key company stakeholders.
  • Work with senior leaders to establish and improve integration of risk management processes into strategic planning processes.
  • Cultivate strong working relationships with risk owners to ensure proper risk management program buy-in and accountability.
  • Monitor the completeness of company initiatives and their impact on related cybersecurity risks.
  • Collaborate with other security team leaders on advancing the company's third-party risk management program.
  • Oversee IT system security consultation within cloud-based and on-premises environments in accordance with NIST SP 800-53, 800-37, ISO, and PCI.
  • Support the team's development of System Security Plans, Continuous Monitoring, Plan of Action and Milestones, Security Controls Assessment, Risk Exposure and FIPS 199 categorization in accordance with NIST requirements.
  • Support the CISO and the Infosec Program through proposed improvements around policy creation and content, maintenance, exception handling, enforcement, and metrics analysis.
  • 7+ years of experience in relevant GRC functions related to risk management, preferably with cloud SaaS providers.
  • 5+ years of experience in cybersecurity, particularly in a SaaS or cloud environment.
  • 3+ years experience leading a GRC team and managing people, including program planning, yearly performance reviews, coaching, career planning, and conflict resolution.
  • Strong background in compliance and certification efforts for SOC2, ISO 27000 series, and NIST 800-53.
  • Excellent interpersonal and communication skills with the ability to establish strong working relationships with both technical and non-technical staff.
  • Demonstrated history of leading multi-year programs to increased levels of maturity and success.
  • Demonstrated problem-solving capabilities, and the ability to manage complex and evolving security requirements.
  • Familiarity with industry leading GRC tools and how to effectively leverage them to drive the overall program.
  • Comprehensive health, dental and vision coverage
  • Generous parental leave policies
  • Access to Employee Assistance Program
  • Various Wellness programs
  • 401K with company matching
  • Learning and development stipend
  • Unlimited vacation policy
Track Jobs with Teal

Job Search Resources

Resume Builder
Resume Examples
Cover Letter Examples

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service