Security GRC Specialist - Regulatory Lead

About The Position

Requirements

• 8-10 years’ demonstrable experience in security GRC, security project management, and other security practices
• Working knowledge of relevant cybersecurity and data privacy regulations
• Knowledge of common security frameworks (NIST CSF, ISO 27001, COBIT, FFIEC CAT, etc.)
• Proficient with MS Office, project management processes, and at least one GRC tool (highly preferred to have experience with RSA Archer)
• Solid understanding of common security topics (e.g., application security, infrastructure security, vulnerability management, Identity and Access Management, data protection, cyber incident response, cloud security, etc.)
• Requires strong analytical skills, oral and written communication skills including documentation of requirements, problem solving skills, and project/program management skills and presentation skills
• Experience in managing risk and compliance (IT audit, IT or cyber risk management, regulatory compliance)
• Degree in IT, Computer Science, Cybersecurity, or related subject required
• Certified training in security management, risk and compliance solutions and practices
• Ability to work towards or has achieved at least one Information Security or Risk Management Certification (Security+, CISSP, CCSP, CCSK, CISA, CISM, GSEC, CRISC, etc.)

Responsibilities

• Cybersecurity Regulatory Lead Manage the regional cyber regulatory compliance program including\: assessing requirements, communicating and working with internal stakeholders to ensure required controls are in place and supporting documentation is maintained. Review controls implemented for appropriateness, effectiveness, and completeness. Assist, follow-up and report on any necessary remediation actions. Act as a subject matter expert for all DFS500-related matters and ensure the bank maintains and enhances its level of compliance with DFS500 requirements Assist during cyber regulatory examinations by preparing presentations, responses and associated artifacts Act as the subject matter expert to develop and maintain an effective FFIEC CAT framework for the bank Manage the FFIEC CAT inherent and maturity assessments Develop related reports and metrics
• Security GRC Framework Contributor Maintain an in-depth understanding of the broad regulatory landscape impacting business and IT areas Understand the impact of laws and regulations on company systems and technology Map external and internal requirements against security controls in place Develop and implement the components of the security GRC Framework for SG AMER mapping threats, vulnerabilities, risks, assets, stakeholders, assessments, standards, policies, controls into a holistic lifecycle to achieve Assess and Test Once, Report Multiple Times Actively manage the security GRC framework by: Performing various security risk assessments to identify residual risks and control gaps Ensuring clients, regulatory, and internal requirements are being met consistently and effectively Ensuring the required and expected controls are in place and working as they should Reviewing, and maintaining security policies, standards and procedures as needed Recommending tooling and process improvements of the Security GRC function, including automation Providing multi-level reporting to stakeholders in the company Build partnerships across the organization\: Audit, Legal, Compliance, Information Technology, business operations, Risk management, etc. to ensure the security GRC program is aligned with business objectives and requirements
• Documentation, Reporting & Analytics Contribute to the reporting framework that will provide regular metrics about our business and IT environment; analyze trends in security events, activities, etc. to better understand risks, and current gaps.