IT GRC/Security Manager
Chicago, IL, United States
*Hybrid, 3 days onsite, 2 days remote*
*We are unable to sponsor as this is a permanent Full time role*
A prestigious company is looking for an IT Security/GRC Manager. This manager will be a hands–on manager in enterprise GRC for applications, Infrastructure, 3rd party security, vendor risk management, and program management. This manager will manage a team of 2–4 individuals. This role will require experience with SOC2 reporting, ISO27001, NIST, technical writing, etc.
Responsibilities:
Lead the GRC program roadmap, status reporting on initiatives, metrics, and delivery of the program services.
Lead in the creation and maintenance of security policies, standards, processes, and guidelines. Evaluate exception requests and make approval recommendations to management.
Lead and mature the security awareness and phishing program. This includes roadmap development, plan, coordinate, measure, and evaluate cyber training/education courses, methods, and techniques based on instructional needs.
Manage and support the 3rd Party Security Vendor Risk Management program, management of SOC2 reporting and ISO27001 certification, and assessments or security requests from clients.
Manage control testing, issues management (findings, remediation plans, and exception requests), risk register and reporting.
Analyze and stay current with regulations that impact information security/privacy program.
Qualifications
Bachelor's degree
Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
Seven (7) + years of direct experience (Information Security/Governance)
Four (4) + years of Information Security experience required. Candidates containing hands on technical experience.
Four (4) + years of management experience required.
Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC2, SIG are required.
Strong knowledge of risk management principles and practices is required.
Technical writing experience is required.
Business Intelligence/Analytics (Qlik, Tableau, PowerBI) is preferred.
Experience with instructional content, educational writing, and technical writing strongly preferred.
Governance, Risk, and Compliance (GRC) tool management is preferred.
Ability to perform as primary Security Subject Matter Expert (SSME) in a senior or lead capacity.
Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation.
Demonstrate ability to effectively communicate deeply technical topics at an appropriate level of detail to varied audiences – including IT Subject Matter Experts, senior management and non–technical users
Additional skills mapped to Knowledge, Skills, and Abilities (KSAs) based on NIST SP 800–181.
Technologies/Software
Strong knowledge of security administration and role–based security controls.
Strong knowledge and use of GRC platforms.
Strong knowledge of Access/Identity Management technologies.
Strong knowledge of BI/Analytics tools.
Knowledge of host and network–based anti–malware technologies.
Knowledge of authentication technologies and interactions between diverse authentication platforms, both on–site and remote.
Knowledge of client and server Firewalling technologies and capabilities.
Knowledge of security event management (SIEM), event correlation and analysis technologies.
Knowledge of data encryption technologies.
Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities.
Knowledge of web filtering and email SPAM prevention techniques.
Knowledge of vulnerability assessment and forensic investigations tools.
Knowledge of mobile device security and Mobile Device Management solutions.
#J-18808-Ljbffr