Security GRC Manager
Chicago, IL, United States
Job Title: Security GRC Manager
Location: Hybrid Onsite 3x/Week in Chicago, IL or Austin, TX
Job Type: Direct Hire
Bottom Line / In a Nutshell
7+ years of direct experience (Information Security/Governance) is required
4+ years of Information Security experience required. Candidates containing hands on technical experience are preferred
4+ years of management experience required
Bachelor's degree is preferred
Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
Must have previous experience in people management
Looking for someone who has a well rounded background but can also serve as a SME in this space
Someone who can take direction but can also work independently; want to make sure they can give direction and this person can act on it and manage a team well
Must have strong written and verbal communication skills
Experience in technical writing and giving presentations
Job Description:
The Security GRC Manager is responsible for leading the Governance, Risk Compliance (GRC) team and the programs within the group. The position is hands-on personnel and program manager role and performs key risk management functions within the Security Governance department. Primary functions include management of client responses, Policy & Standards, Security Vendor Risk program management, Security Awareness, Controls Assurance, Compliance Management, and GRC tool management.
Essential Functions
Program management: Lead the GRC program roadmap, status reporting on initiatives, metrics, and delivery of the program services.
Policy management: Lead in the creation and maintenance of security policies, standards, processes, and guidelines. Evaluate exception requests and make approval recommendations to management.
Security training and awareness: Lead and mature the security awareness and phishing program. This includes roadmap development, plan, coordinate, measure, and evaluate cyber training / education courses, methods, and techniques based on instructional needs.
Program assessments: Manage and support the 3rd Party Security Vendor Risk Management program, management of SOC2 reporting and ISO27001 certification, and assessments or security requests from clients.
Risk management: Manage control testing, issues management (findings, remediation plans, and exception requests), risk register and reporting.
Governance: Analyze and stay current with regulations that impact information security / privacy program.
Qualifications & Requirements:
Education, Work Experience, Skills
Bachelor's degree is preferred
Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
Seven (7) + years of direct experience (Information Security/Governance) is required.
Four (4) + years of Information Security experience required. Candidates containing hands on technical experience are preferred.
Four (4) + years of management experience required.
Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC2, SIG are required.
Strong knowledge of risk management principles and practices is required.
Technical writing experience is required.
Business Intelligence/Analytics (Qlik, Tableau, PowerBI) is preferred.
Prior IT Security experience in the legal industry experience is preferred.
Experience with instructional content, educational writing, and technical writing strongly preferred.
Three (3) + years of experience managing timelines and being self-directed preferred.
Governance, Risk, and Compliance (GRC) tool management is preferred.
Client focus, including tact and diplomacy is required.
Interview, gather, and understand content from subject-matter experts
Ability to perform as primary Security Subject Matter Expert (SSME) in a senior or lead capacity.
Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation.
Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm’s security program and controls.
Ability to communicate an effective security awareness message throughout the organization.
Demonstrate ability to create and maintain security policy, standard, guideline, and procedure documents.
Demonstrate ability to effectively communicate deeply technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users
Additional skills mapped to Knowledge, Skills, and Abilities (KSAs) based on NIST SP 800-181.
Technologies/Software:
Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options.
Strong knowledge of security administration and role-based security controls.
Strong knowledge and use of GRC platforms.
Strong knowledge of Access/Identity Management technologies.
Strong knowledge of BI/Analytics tools.
Knowledge of host and network-based anti-malware technologies.
Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote.
Knowledge of client and server firewalling technologies and capabilities.
Knowledge of security event management (SIEM), event correlation and analysis technologies.
Knowledge of data encryption technologies.
Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities.
Knowledge of web filtering and email SPAM prevention techniques.
Knowledge of vulnerability assessment and forensic investigations tools.
Knowledge of mobile device security and Mobile Device Management solutions.
Certificates, Licensures, Registrations:
Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
This Is a Great Opportunity With a First-class Company
Security GRC Manager
RED SKY Career Opportunities at: redskyconsulting.co/career-portal
Security GRC Manager
RED SKY Consulting Candidate and Client Referral Program!
2500
Do you know other IT professionals?
Turn those relationships into Money & help friends get work
RED SKY Consulting is offering a fantastic opportunity for you to earn extra money.
If you refer to us a Manager of people or skilled professionals, we will link your name to that person for 18 months.
If we employ or place that individual or place people into that company thru that manager
Security GRC Manager
RED SKY Consulting Company Overview
We are an IT and Cybersecurity staffing solutions, professional services, management consulting, and executive placement company with thousands of resources across multiple IT and Cybersecurity skill sets. Our primary US locations are Chicago, New York, Los Angeles, Atlanta, Nashville, Tampa and Denver and we have organizational arms in other domestic cities along with offshore alliances in India and Ireland. RED SKY has a 15+ year history of providing great technology talent. RED SKY has many clients including; 7 of the Fortune 10, half of the Fortune 100, and 25% of the Fortune 500 companies within the manufacturing, financial services, health care, government, consumer services, insurance, and several other industry verticals represented.
The RED SKY Foundation is being formed and will be providing fully funded college educations to underprivileged young adults in partnership with our clients starting 2022.
Keys: Governance, Risk, Compliance, Manager, SOC, Information Security, ISO, NIST, Governance, Risk, Compliance, Manager, SOC, Information Security, ISO, NIST, Governance, Risk, Compliance, Manager, SOC, Information Security, ISO, NIST
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
#J-18808-Ljbffr