Senior Security GRC Manager

December 12


PayNearMe

Financial services innovation • Financially underserved • Alternative financial services • ACH • Credit

Description

• Identify, assess, and mitigate information security risks across the organization.
• Maintain and execute a comprehensive IT/IS risk management program.
• Leverage, optimize, and automate GRC tools to enhance risk visibility and management.
• Conduct risk assessments to ensure compliance with industry standards and regulatory requirements.
• Collaborate with internal teams to implement risk mitigation strategies and controls.
• Monitor and analyze technology and security control effectiveness to identify risks and areas for improvement.
• Develop and maintain risk management policies, procedures, and documentation.
• Provide training and guidance to employees on IT/IS risk management best practices.
• Stay current with emerging trends and developments in IT/IS risk management.
• Provide actionable insights and recommendations in risk reports presented to senior management and stakeholders.

Requirements

• 5+ years of experience implementing and managing IT/IS risk management frameworks (e.g. PCI-DSS, NIST, ISO27001, SOC2, CMMC, COSO ERM)
• Strong understanding of risk management principles, practices, and frameworks.
• Experience conducting assessments and control evaluation with information security regulations and industry standards (e.g. NIST, CIS, FFIEC Guidelines, PCI-DSS, SOC2)
• Proficiency with risk management tools and software (e.g. Anecdotes, Archer, ServiceNow, or equivalent platforms).
• Demonstrated experience in developing and implementing risk frameworks and conducting risk and control self-assessments (RCSA).
• Demonstrated ability applying GDPR, FedRAMP, and/or FFIEC Guidelines into a security risk framework.
• Proven skills in evaluating complex problems, identifying root causes, and developing effective, risk-minded solutions.
• Strong communication and interpersonal skills in fostering collaborative working relationships.
• Demonstrated capability to work autonomously on complex tasks, while contributing to the success of team and cross-functional objectives.
• Excellent organizational skills with a calculated approach to managing competing priorities, ensuring quality, and meeting deadlines.
• Relevant certifications (e.g., CRISC, CISSP, CISM, ITIL) (preferred)
• Experience in the financial technology sector with a publicly traded company (preferred)
• Knowledge of cloud security and understanding of cloud platforms (e.g., AWS, Azure, Google Cloud) (preferred)
• Familiarity with data protection laws and regulations (e.g., GDPR, CCPA, HIPAA) (preferred)
• Bachelor’s degree in Computer Science, Information Security, Risk Management, or a related field, or equivalent hands-on experience managing IT/IS risk frameworks (preferred)

Benefits

• Base salary per year (paid semi-monthly)
• Fast-paced and professional work culture
• Stock options with standard startup vesting - 1 year cliff; 4 years total
• $50 monthly communication expense stipend to go towards your phone/internet bill
• $250 stipend to enhance your WFH setup
• Reimbursement for peripheral equipment: monitor (up to $400), keyboard and mouse (up to $200)
• Premium medical benefits including vision and dental (100% coverage for employees)
• Company-sponsored life and disability insurance
• Paid parental bonding leave
• Paid sick leave, jury duty, bereavement
• 401k plan
• Flexible Time Off (our team members typically take off ~3-4 weeks per year)
• Volunteer Time Off
• 13 scheduled holidays
• 4-6x / year in-person team meet-ups
