Senior Security Governance Program Manager - Secure Configuration & Asset Management

About The Position

Requirements

• Bachelor’s degree in Business, Information Technology, related field, or equivalent experience.
• 8+ years of experience in GRC, audit, compliance, and regulatory.
• Must be authorized to work in the U.S. without the need for employment-based visa sponsorship now or in the future.
• Sponsorship and future sponsorship are not available for this opportunity, including employment-based visa types H-1B, L-1, O-1, H-1B1, F-1, J-1, OPT, or CPT.

Nice To Haves

• CISA, CGEIT, CRISC CISM, CISSP preferred

Responsibilities

• Lead development, monitoring, maintenance, and improvements of a foundational Security Governance pillar (i.e., cloud security governance, security metrics and reporting, security oversight, etc.)
• Subject matter expert dedicated to support enterprise governance needs for a specific area of governance to improve the enterprise security programs based on compliance and risk factors.
• Plan and manage requirements and track completion of objectives for security risk, compliance and assessment related to a specific area within enterprise security such as cloud, security metrics and reporting or the findings and remediation program.
• Drive and execute initiatives involving cross-departmental dependencies.
• Manage projects to improve and strengthen the enterprise security posture and reduce security risk including requirements collection, initiation, planning, execution, status reporting and closure.
• Maintain awareness of existing and proposed enterprise security policies and standards.
• Provides support in security policy and standard development.
• Utilize expert knowledge in multiple security domains, while maintaining in-depth across all security domains.
• Identify regulatory changes that will affect information security policies, standards and procedures, and recommends appropriate changes.
• Support security control owners with control design and implementation.
• Lead the design, evaluation, and oversight of controls for key security and security IT projects, programs, applications, and systems, e.g., the Enterprise Control Framework.
• Lead activities related to the lifecycle of remediation activities including, delivery timeline tracking, action plan development, gathering and review of evidence artifacts, providing feedback regarding appropriateness of evidence artifacts, and development of documentation to submit for closure.
• Drive the direction, development, and maturity of the enterprise GRC tool(s).
• Prepare governance documentation for Senior Management including team, Board, and other reporting initiatives as needed.
• Continue to look for ways to improve processes and contributes to excellence in team.
• Lead complex projects, on time and on budget, escalating concerns and providing weekly updates.
• Develop and implement best practices regarding gathering, reporting and representation of security KPIs and KRIs to various stakeholders.
• Performs other duties as assigned.
• Complies with all policies and standards.

Benefits

• competitive pay
• health insurance
• 401K and stock purchase plans
• tuition reimbursement
• paid time off plus holidays
• a flexible approach to work with remote, hybrid, field or office work schedules