"Alerted.org

10393 - IT Governance, Risk & Compliance (GRC) Manager

SUMMARY

The IT Governance, Risk & Compliance Manager is responsible leading a team of professionals and for working with the HAEA and Business Unit Leadership team, Information Security, Legal, Audit and other relevant departments to analyze and implement Information Security and Risk Management frameworks, policies, standards and best practices.  This includes translating industry, government (local and federal) and contractual compliance requirements into the frameworks, policies, standards and processes.  Supports and coordinates internal and external audits in the areas of IT, information security, risk management & compliance.  Coordinate remediation of non-compliant areas of IT.  Provide assistance in the development / implementation of IT security awareness programs for both technical and non-technical audiences

ESSENTIAL FUNCTIONS

+ Responsible for identifying, selecting, retaining, mentoring, managing and training GRC personnel on a daily basis along with reviewing performance, allocating raises and supporting promotions.

+ Will manage department projects, budgets, vendors and associated administrative support required to accomplish same.

+ As part of IT Governance, Risk & Compliance (GRC) within the Information Security department, provides support of and is responsible for analyzing and implementing Information security, risk management, application security frameworks, policies, standards and processes.

+ As part of IT Governance, Risk & Compliance (GRC) within the Information Security department, provides support of and is responsible for analyzing and implementing Information security, risk management, application security frameworks, policies, standards and processes.

+ Executes regular or scheduled compliance tasks as assigned, summarizing and reporting findings, ensuring that audit issues and associated root causes are understood, well defined and presented to HAEA (IT) and business unit (CBU) leadership.

+ Maintains relationships with internal and external audit and compliance agencies to facilitate execution of audits.

+ Acts as the liaison between IT and external audit firms to assist in scheduling and resource planning for audits.

+ Supports and coordinates internal and external audits for the areas of IT and information security.

+ Coordinates remediation activities for non-compliant areas of IT.

+ Performs IT project, application security and vendor risk assessments, to ensure compliance with the corporate information security policies and standards.

+ Assists in the implementation of IT security awareness programs for both technical and non-technical audiences.

+ Provides periodic updates, education and presentations to staff and management on various aspects of IT Governance, Risk and Compliance.

+ Support other department initiatives and deliverables as needed

REQUIREMENTS

+ BS or BA degree (preferably in business, management information systems or information technology related field) or any combination of equivalent education, experience, and formal training that allows the candidate to meet the requirements of the position.

+ Six or more years of information technology experience, with at least two of them in a relevant IT Audit, IT Risk, and/or Information Security field.

+ Three or more years in a Management role including management of programs, people and budgets.

+ Strong organizational and teamwork skills.

+ Working knowledge and/or hands on experience with the following areas as they relate to IT security & risk management:

+ Information security policy, procedure & standards development

+ IT governance, risk and compliance frameworks

+ IT project, vendor assurance, data / application security frameworks\

+ ISO 27000 series of security standards

+ Control Objectives for Information and related Technology (COBIT)

+ Information Technology Infrastructure Library (ITIL)

+ Statement on Standards for Attestation Engagements (SSAE) No. 16

+ IT systems & network audit

+ Excellent verbal, written and presentation skills.

+ Possession of, or ability to obtain, one of the following certifications or equivalent is desirable:

+ CISM (Certified Information Security Manager)

+ CISSP (Certified Information Systems Security Professional)

+ CISA (Certified Information Systems Auditor)

+ CRISC (Certified in Risk and Information Systems Controls)

Salary Range - $112,830 -$173,756

Powered by JazzHR