This position will be responsible for cybersecurity governance activities by managing the overall security risk for the organization, enhancing and driving existing best practices and standards, identifying gaps in security processes and technology, and providing senior management reporting and measurable plans to ensure adherence. The Governance, Risk and Compliance (GRC) associate will help manage cybersecurity threat mitigation activities through development and management of key outcome-based cybersecurity metrics (KPIs/KRIs) and associated reporting. Principal responsibilities will focus on leading efforts related to audits, Issue Management lifecycle, and security posture reporting across the businesses.
- Manages all cybersecurity governance Center of Excellence processes and builds success measures for security analysts in Agile Squads to adhere to the governance framework
- Proactively drives preparation exercises and identification of security issues prior to scheduled audits, and assists in providing evidence in response to internal and external auditor inquiries
- Drives and confirms the sustainability posture of security issues by validating the action plan evidence and performing sample testing to ensure continuous cybersecurity controls
- Serves as compliance and regulatory liaison for the domain, and as governance CoE key point of contact for Agile squads
- Identifies and implements improvements to existing security metrics to enable outcome-based metrics
- Drives security awareness training and communications
- Drives maturity of security approach by proactively identifying meaningful issues and control gaps in current processes, influencing behavior change within the organization, and contributing to building a stronger security-focused culture
- Maintains professional and technical process knowledge by keeping abreast of the changing security landscape within the technology industry and changes in cybersecurity frameworks
- Aligns risk and control processes into day-to-day responsibilities to monitor and mitigate risk; raises appropriately
- Minimum of 5 years of related experience
- Bachelor’s degree required. Master’s degree preferred.
- Experience in supporting Information Security governance function with proficiency in information security domains, including but not limited to Identity and Access management, Certificate Management, Network Security, Vulnerability Management and Data Protection.
- Prior experience in IT Security or Governance, Risk and Compliance roles
- Strong Cybersecurity experience across one or multiple domains (e.g. Identity Access Management, Vulnerability Management)
- Experience in reading network security designs and an understanding of network fundamentals
- Experience in evaluating technology and security controls against the IS Policies and control standards
- Experience with analytics and reporting desired