Leading the design and implementation of a policy- and standards-driven cybersecurity governance program supported by GRC tooling
Establishing and maturing a data governance and protection program across the full data lifecycle
Defining and enforcing data classification, labeling, and handling requirements, including controls to prevent inappropriate data sharing
Establishing and maintaining enterprise security governance structures, roles, and accountability
Serving as a trusted advisor to business and technology stakeholders on governance, risk, and compliance matters
Driving identification, escalation, and resolution of cybersecurity GRC risks and issues
Supporting and maintaining cybersecurity compliance certifications and initiatives (e.g., ISO, PCI, HIPAA)
Producing metrics, KPIs, and executive-level reporting to support risk-based decision making

Requirements

Possess extensive experience in cybersecurity governance, risk, and compliance programs
Proven experience developing and managing security policies, standards, and controls
Experience building or maturing enterprise data governance and data protection programs
Working knowledge of security and compliance frameworks such as ISO 27001/27701, ISO 27017/27018, ISO 42001, HIPAA, PCI DSS, NIST 800-53/800-171, FedRAMP, and/or TX-RAMP
Experience implementing and operating GRC platforms and security programs
Possess project management, analytical, and problem-solving skills
Preferred Certifications: CISSP, CISM, CISA, CHP, CHSS

Benefits

Health insurance
401(k) matching
Annual incentive bonus

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard skills

cybersecurity governancerisk managementcompliance programssecurity policiesdata governancedata protectionsecurity frameworksGRC platformsmetrics productionKPI reporting

Soft skills

analytical skillsproblem-solving skillsproject managementcommunicationstakeholder management

Certifications

CISSPCISMCISACHPCHSS