GuidePoint Security

Manager, Corporate Governance, Risk, and Compliance (GRC)- Remote (Anywhere in the U.S.)

full-time

Origin: United States

Job Level

Mid-Level, Senior

Tech Stack

Cyber Security

About the role

  • Manage and lead a team of four Information Security Specialists and the processes comprising the GRC team’s portfolio of services.
  • Develop, disseminate, and maintain enterprise information security policies, standards, and procedures, and deliver the associated training program to all personnel.
  • Establish and maintain relevant security risk metrics.
  • Manage internal and external Privacy standards and initiatives.
  • Help inform and maintain the company’s Business Resilience Strategy.
  • Perform security- and privacy-centric reviews for contracts, Requests for Information (RFIs), and Requests for Proposals (RFPs).
  • Conduct risk assessments (e.g., enterprise annual, Commercial off the Shelf software and supplier reviews, etc.) and recommend risk mitigation strategies.
  • Support, facilitate and manage the response to internal and external audits and assessments of GuidePoint's security program.
  • Ensure GuidePoint's suppliers align with required controls and standards through the Third-Party Risk Management process, and provide subject matter expertise in crafting the security exhibit appended to suppliers' service agreements.

Requirements

  • Undergraduate degree in cybersecurity or computer science and five years of work experience, or eight or more years of work experience in Information Security.
  • At least 3 years' experience in a managerial role.
  • Knowledgeable about, and experienced in, aligning security programs with regulatory requirements (e.g., CMMC, GDPR, HIPAA, NYSDFS) and industry security frameworks (e.g., NIST, ISO).
  • Previous experience with security and privacy control definition, design, and implementation.
  • Experience with managing internal and external compliance audits and assessments.
  • Privacy experience including fielding Data Subject requests and performing Data Privacy Impact Assessments.
  • Familiarity with reviewing, developing, monitoring, testing, and implementing contingency planning measures in support of the organization’s critical functions.
  • Excellent communication skills and demonstrated ability to engage with stakeholders at all levels, including cross-functional collaboration experience.
  • Excellent organization skills, self-directed, and self-motivated.

Preferred requirements

  • CISA, CISM, and/or CISSP certifications.
  • Experience working with Jira, Confluence, Veza, BitSight, or other supplier risk management tools.