Security Governance, Risk, and Compliance Lead

About The Position

Requirements

• 7+ years of experience in cybersecurity risk and/or compliance with significant experience at a company in a heavily regulated industry
• Software development and/or scripting experience, preferably in Python or Go
• Familiarity with standards-based security frameworks such as CIS, NIST-CSF, FedRAMP, or ISO
• Data analysis skills leveraging SQL, Elastic, OSQuery, and Prometheus preferred
• Experience building strong cross-functional relationships and working across multiple teams, both technical and non-technical
• Experience with Linux and comfortability on the command line (Debian is a huge plus!)
• Familiarity with financial industry regulations

Nice To Haves

• CISSP, CISM, or a similar certification is a plus

Responsibilities

• Manage and lead a team of security GRC engineers
• Perform internal and external security control assessments using industry standard frameworks such as NIST and CIS
• Conduct threat modeling and risk assessments
• Create and maintain security and compliance policies, standards, and guidelines
• Track regulatory security compliance obligations worldwide
• Work with cross-functional teams on program management to meet security and compliance KPIs
• Define critical success factors and KPIs to ensure firm-wide security compliance and security goals are met according to standards-based frameworks
• Monitor KPIs and create dashboards for real-time reports and board presentations
• Collect and analyze business metrics and build dashboards for reporting through data engineering
• Support the automation and governance of HRT’s critical security controls, encompassing: Vendor risk management Penetration testing Access management
• Ensure timely and accurate responses to requests for company data in collaboration with Compliance and Legal