Sr. Manager, Information Security

Netskope, St. Louis, MO
5d

About The Position

Based in St. Louis, this role is a member of the Global Information Security (GIS) team, which has oversight and operational responsibilities for the information security of Netskope. The Information Security Manager, Governance, Risk and Compliance (GRC) will be a key member and manager of the GRC team. The role is responsible for collaborating with the business on GRC activities, administering GRC solutions, managing external and internal auditing activities, managing the Cyber Risk Management Program (including third-party vendor risk management), and ensuring compliance objectives are being achieved across the organization.

Requirements

  • 7+ years in an information security GRC role (testing, monitoring, assurance) within compliance, audit and operations, with at least 3 years in a management or team lead role
  • Strong people skills, including the ability to partner effectively and influence change with stakeholders across the organization
  • Strong knowledge of information security governance, risk, and IT Controls compliance program
  • Strong understanding of cybersecurity, networking, system and cloud technologies
  • Strong experience with testing and monitoring manual and automated controls
  • Experience with conducting risk assessments and knowledge of current industry good practice for risk assessment methodologies and tools (e.g., FedRAMP, NIST, ISO)
  • Should possess relevant technical/professional qualifications/certification such as CISSP, CISM, CISA or ISO 27001 Lead Auditor/Implementer equivalent.
  • US Citizen

Nice To Haves

  • Experience in performing risk assessments.
  • Experience in third party (vendor) risk management
  • Knowledge and experience in managing GRC tools.
  • Highly analytical with the ability to present your analysis
  • Strong written and verbal communication
  • Experience in maintaining metrics and measures.
  • Experience in supporting customer audits
  • Experience working with software engineering teams in an agile/dynamic environment
  • General understanding of meeting multiple/global compliance frameworks such as ISO 27001, FedRAMP, SSAE-18 SOC2, CSA STAR, Security Control Framework, HIPAA, PCI-DSS, etc.

Responsibilities

  • Handle managerial responsibilities such as staffing, performance assessment, career path planning, training, and coaching/mentoring for all GRC team members
  • Evaluating design and operating effectiveness of controls
  • Ability to monitor, measure and test core business processes against internal policies and procedures
  • Validating test procedures against controls, issue identification, root cause analysis and impact assessment
  • Documenting results following the compliance framework to arrive at conclusions
  • Deliver value and insights by providing recommendations/improvements around processes and/or controls to business partners
  • Effectively communicate and report out on plans, status, issues, risks, and requirements to all levels of stakeholders
  • Develop and manage Metrics and Measures Programs
  • Provides training, and coaching for Analysts, Engineers, and business partners
  • Keep up-to-date on industry and regulatory changes
  • Assist in conducting enterprise-wide, ongoing risk analysis in tandem with compliance and internal audit.
  • Assist in the development and management of the Cyber Risk Management Program and performing supporting tasks
  • Support Customer risk assessments, audits, and evidence collection.
  • Contributes to security procedures and requirements documentation
  • Assists in development and maintenance of Information Security control mappings to defined frameworks

What This Job Offers

Job Type

Full-time

Career Level

Manager

Number of Employees

1,001-5,000 employees
