
Global Risk Compliance Manager

Vaco
Posted Apr 25
Full Time
Jersey City, New Jersey

Contract-to-hire
Remote

Why We're Hiring
The Global Risk Compliance Manager is a critical position within the company. The candidate will act as the technical subject matter expert in maintaining information security compliance with applicable laws, licenses, and regulations in the regions where the company does business.

What You'll Do

  • Responsible for implementing and maintaining procedures and controls to assure security compliance with applicable regulatory, contractual, and legal requirements as well as good business practices
  • Work closely with business, technology, and compliance counterparts to understand business objectives, initiatives, and ensure alignment with cybersecurity policies and best practices
  • Lead the annual security program roadmap and status reporting on initiatives and KRIs. Create presentation materials and lead discussion for key stakeholder meetings.
  • Ensure applicable standards and regulations pertinent to the company are effectively implemented and act as an advisor to all managers
  • Conduct analysis of new regulations that impact the information security program.
  • Coordinate external reviews and/or assessments from regulators, audit firms, and client due diligence requests.
  • Own the security risk register and the ongoing management of inherent and residual information security risks.
  • Prepare heat maps and analytics of known risks.
  • Operationalize a metrics and reporting function to continually report on meaningful information security risk and compliance metrics for operational and executive management
  • Work closely with the VAPT team
  • Create and update the hardening checklist
  • Conduct global training sessions regarding information security for their internal team

Requirements:

  • General information security experience and knowledge of general security concepts, such as defense-in-depth, least privilege, security architecture and design, threat modeling, etc.
  • Experienced in collaborating at all levels of an enterprise
  • Creativity and initiative in work product, and a positive and helpful attitude in proposing solutions to resolve problems
  • Professional and technical certifications, such as CISM or CISSP, desired but not required
  • Ability to reach technical and non-technical audiences across all levels of the organization.
  • Must possess basic knowledge of networking, different operating systems, endpoint devices, and security devices
  • Work experience related to information security and/or IT operational risk management is essential, across cloud and traditional IT patterns.
  • Comprehension of the regulatory and legal landscape driving privacy/information security (NY DFS, GDPR, CCPA, etc.)
  • Experience in leading organizations through Information Security audits and certifications (SOC 2, FedRAMP, ISO, etc.)
  • A solid understanding of current technology capabilities, and a keen interest in staying abreast of emerging technology trends and information security domains
  • Experience in contracting, implementing, and managing security service providers.
  • Experience with implementing and managing GRC software solutions for Information Security use cases.
  • Manage end-to-end portfolio delivery in terms of schedule, cost, scope and quality; anticipate risks and issues that may arise during the delivery of the portfolio process and ensure that appropriate mitigation actions are in place
  • Design, measure and assess key performance metrics to inform data-driven decisions
  • Demonstrate accountability; lead people with passion, enthusiasm, loyalty and integrity
  • Knowledge of business continuity framework and standards
