
Staff Security Privacy, Trust, and GRC Advisor

$125,000 - $156,000 / year
Posted Mar 30
Full Time
Remote / Austin, Texas

What you’ll be doing:

  • Manage the development, annual review, and off-cycle requests for security policy and standards.
  • Manage the development and operation of cyber risk management programs, driving the documentation and management of risk treatment.
  • Manage the execution of cyber risk assessments for business processes, technology, and products.
  • Provide guidance for the risk treatment/management process.
  • Build functions for the engagement of privacy, trust and GRC programs with customers, employees, and stakeholders to enable “Security-as-a-service” principles and goals
  • Manage the GRC tooling and associated data
  • Manage external audits by customers and certification bodies through the audit lifecycle
  • Direct security IT audits, including evidence lifecycle management, control walkthrough scheduling and execution, and documentation and management of control corrective action plans (CAPs).
  • Own and manage the development of security compliance programs for industry security frameworks (SOX ITGCs, AICPA TSC [SOC 2], ISO 27001, GDPR, CCPA, NIST CSF, etc)
  • Make recommendations to management regarding programs, processes, etc.
  • Provide support and mentor others on the team, sharing insights, knowledge, and experience.
  • Complete peer review for the team to ensure others understand data sources, improve


What you must have:

  • Bachelor’s degree in computer science, Information Systems Management, Cybersecurity, Information Assurance or related field or equivalent relevant experience
  • 8+ years of technical professional experience in IT audit, IT risk management, or security governance
  • Extensive experience in assessing the effectiveness of information security controls (test of design, test of effectiveness, etc)
  • Strong understanding of, and experience with, cyber risk management and mitigation
  • Experience in access management, change management, security operations, etc
  • Strong knowledge of multiple industry-accepted information security frameworks (e.g. SOX ITGCs, AICPA TSC [SOC 2], ISO 27001, GDPR, CCPA, NIST CSF, etc.)
  • Experience with public cloud solutions providers (AWS, Azure, and/or GCP)
  • Experience building out GRC functions within third-party tooling platforms (Archer, MetricStream, ServiceNow, etc.)
  • Strong working knowledge of Microsoft Office and Google Workspace.
  • Exposure to working with 3rd parties on contract/engagement work (e.g. writing RFPs, getting quotes, writing business cases, reviewing SOWs, working with internal procurement teams, etc)
  • Possess one or more industry-accepted information security certifications (CISA, CISSP, CRISC, CCSK, CIPP, etc.)
  • Experience providing training and guidance to junior team members
  • Strong communication and critical thinking skills, attention to detail, and experience collaborating cross-functionally with stakeholders.

Additional experience preferred, but not required:

  • Experience in a startup environment


Essential Job Functions:

  • Regular, on-time attendance
  • Ability to travel <15% of the time
  • Ability to communicate effectively
  • Ability to use office equipment such as a computer, copier and telephone
  • Ability to use office computer programs such as e-mail, Google Docs, Microsoft Word, PowerPoint and Excel
  • Occasionally remain in a stationary position, often standing or sitting for prolonged periods