Atomic

Director, Governance Risk & Compliance – GRC

full-time

Location Type: Remote

Location: Remote • 🇺🇸 United States

Job Level

Lead

Tech Stack

Cyber Security

About the role

  • Provide direction, coaching and development for the Compliance team to ensure effective execution of security governance, risk and compliance activities.
  • Draft, maintain and evolve policies, standards, and procedures to align with industry best practices, regulatory requirements, and business needs.
  • Serve as a primary contact for PCI DSS, SOC 2, NIST, and security- and compliance-related customer and prospect audits and assessments.
  • Coordinate security program testing, control validations, and independent assessments to validate program effectiveness and compliance with frameworks such as NIST CSF and PCI DSS, overseeing timely tracking, remediation and reporting of control gaps.
  • Oversee annual enterprise risk assessments, security reviews, business impact analyses, business continuity/incident response tabletops, and critical service provider assessments, ensuring identification, tracking and remediation of risks.
  • Drive continuous improvement of GRC processes, tools and methodologies to enhance program maturity.
  • Partner with business units to strengthen a multifaceted security, privacy and compliance awareness program, fostering a culture of shared responsibility for information security, privacy and compliance.
  • Develop, track, and report meaningful metrics and key risk indicators (KRIs) for Executive Leadership.
  • Collaborate with Human Resources, Engineering, IT and other internal teams to ensure alignment of security practices across the enterprise.
  • Work with internal teams to track and verify remediation of issues identified during testing, ensuring timely and effective resolution and reporting.
  • Provide guidance to the company on emerging risks, industry trends, and regulatory expectations to influence security strategy and business decisions.

Requirements

  • Bachelor’s or Master’s degree in Information Security, Cybersecurity, Computer Science, Management Information Systems, or a related field, or related experience.
  • 5+ years of experience in Information Security
  • 1+ year of direct people management experience, including managing performance, coaching and developing personnel
  • 3+ years working with security and risk frameworks such as PCI DSS, NIST, ISO, CIS, etc.
  • 3+ years of hands-on experience in control testing methodologies, risk assessments, and/or security audits and assessments
  • Strong knowledge of security frameworks (PCI DSS, NIST CSF, ISO 27001, etc.)
  • A professional certification such as CISSP, CISM, CRISC, or CISA is a plus
  • Strategic thinker with a proactive and solutions-oriented approach
  • Proven ability to influence senior stakeholders and partner with engineering and technology teams
  • Financial services or highly regulated industry experience is a plus
  • Effective communication and leadership skills.

Benefits

  • Health insurance
  • 401(k) matching
  • Flexible work hours
  • Paid time off
  • Remote work options

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard skills
Information Security, Cybersecurity, Risk Assessments, Control Testing Methodologies, Security Audits, Security Governance, Compliance Activities, Policy Development, Metrics Tracking, Key Risk Indicators

Soft skills
Coaching, Development, Leadership, Strategic Thinking, Proactive Approach, Influencing Stakeholders, Collaboration, Communication, Problem Solving, Team Management

Certifications
CISSP, CISM, CRISC, CISA