Manager, Cybersecurity Governance and Risk and Senior Analyst, Cybersecurity Governance, Risk and Compliance Job Openings Now Available
  • Home
  • Manager, Cybersecurity Governance and Risk and Senior Analyst, Cybersecurity Governance, Risk and Compliance Job Openings Now Available
Manager, Cybersecurity Governance and Risk and Senior Analyst, Cybersecurity Governance, Risk and Compliance Job Openings Now Available

Qualified candidates can be located in Atlanta, Chicago, New York City, or Washington DC

Please email your resume to us at gina@ginastechjobs.com to start the hiring process.

Manager, Cybersecurity Governance and Risk and Senior Analyst:

Atlanta, GA | Chicago, IL | New York City, NY | Washington, D.C.

The Manager, Cybersecurity Governance and Risk will lead IT risk management (ITRM) initiatives to increase the transparency of risk impacts to the firm, manage the Cyber risk register, issue log, facilitate the Risk Operating Committee (ROC), and support the Governance and Risk team in identifying and implementing industry standards (e.g., NIST, ISO and COBIT) in accordance with applicable regulatory or client guidelines. The Manager will also assist in developing methodologies, policies, processes, and tools to support InfoSec and Governance and Risk initiatives. The role will contribute to evolving ITRM’s oversight, reporting, governance, communications, and education efforts from an Information Security perspective. This position is 100% Onsite and not open for Remote.

Manager, Cybersecurity Governance and Risk Responsibilities:

– Assist with the development, implementation and management of the governance and risk strategic plan and roadmap, including evolving the reporting structure and frequency to InfoSec stakeholders.
– Serve as a key contributor in identifying, managing and communicating governance and risk across InfoSec policy domains, providing expertise to prioritize and manage risk, while facilitating the adoption in conjunction with the Controls Manager of IT Risk policies, standards and guidelines across the enterprise.
– In conjunction with the Controls and TPRM Managers, evolve, develop and manage the development, maintenance and evaluation of organizational InfoSec governance and risk procedures, processes and guidelines in accordance with Firm and Client requirements.
– Work with the Controls Manager and other stakeholders to identify, validate and document deficiencies in ITRM governance, processes and risk management practices, propose remediations, and enforce cross functional POAM initiatives and status reporting requirements in accordance with prioritization requirements.
– Manage the Cyber risk and issue registers and remediations, including supporting monthly ROC meetings (e.g., agenda, data calls, etc.), tracking and aggregating the risk registers and performing risk to policy domain to control(s) mapping to provide prioritization and transparency into control and policy domains requiring remediation.
– Evolve risk methodologies, as well as conduct and support risk assessments to support InfoSec the identification of risk across policy domains, identify opportunities for control enhancement and risk mitigation.
– Assist InfoSec’s TPRM and Client InfoSec Assessments, including assessment activities (completion and quality control reviews), developing or revising control narratives and supporting reporting efforts to InfoSec leadership and stakeholders.
– Facilitate the definition and maintenance of InfoSec governance and risk measures and metrics; and handle additional related projects as assigned.

Manager, Cybersecurity Governance and Risk Qualifications:

– Bachelor’s degree in information security, Information Assurance, Computer Science, Information Systems, or other related field (2 years of additional experience may be substituted for 2 years of college credits).
– At least 7 years of combined information technology, information security and risk management experience.
– Advanced awareness of current information security standards and developments (CSF, NIST, ISO), the COSO framework, as well as the emerging cyber threat landscape.
– Advanced understanding of risk management concepts, frameworks, and methodologies.
– Strong understanding of information security concepts and technologies.
– Strong project management skills and understanding of the technology and operational risks as related to technology solutions.
– Fundamental knowledge of the operation of law practices and advanced knowledge of MS Outlook, Word, Excel, Visio, and PowerPoint.
– Third party assessment experience, including the evaluation of SOC2 Type 2, SIG, Pen Test, etc., reports.
– Strong understanding of Operational Risk from a Technology perspective.
– Excellent analytical and problem-solving skills, inquisitive nature and comfort challenging current practices.
– Understanding of governance, risk and compliance (GRC) practices and technologies across governance, process and technical domains.
– Background in consulting preferred.
– Ability to develop and maintain solid working relationships across the departments, and high-level technical understanding of security applications, platforms and architectures.
– CISA, CISM, GSEC, CISSP, CRISC or other security-related certification preferred.

Senior Analyst, Cybersecurity Governance, Risk and Compliance:

Atlanta, GA | Chicago, IL | New York City, NY | Washington, D.C.

The Senior Analyst, Cybersecurity Governance Risk & Compliance will administer the completion of compliance-related client requests to assess security policies and procedures. The Senior Analyst will respond to inquiries on the security controls policy, processes, and procedures implemented for managed systems and applications, as well as support Third Party Risk Management (TPRM) and Governance and Risk functions in conducting vendor due diligence (initial, reassessments and ongoing monitoring) and supporting broader GRC efforts. This position is 100% Onsite and not open for Remote.

Senior Analyst, Cybersecurity Governance, Risk and Compliance Responsibilities:

– Review and understand current IT Risk Management (ITRM) program framework and associated policies, standards, procedures, and processes.
– Prepare and respond to related compliance requests and web-shares including referencing evidentiary artifacts or other documentation.
– Complete external information security assessments, remediation efforts and support status tracking of assessment queues.
– Coordinate with external assessors and internal subject matter experts to address compliance inquiries and web-shares of security artifacts.
– Assist in further defining the process for completing information security control assessments.
– Support metrics and reporting of the Information Security Program through the collection and analysis of effectiveness security control measures.
– Develop understanding of control structure to support the creating or revising standard narratives/responses for client questionnaires (e.g., SIG).
– Work with the CISO, senior managers, managers and other internal stakeholders to report existing information security programs and ongoing security projects that address information security risks and compliance requirements.
– Manage competing deadlines and multiple external inquiries using effective organizational skills and attention to detail as demonstrated by prior work experience.
– Contribute to the creation of GRC related processes and procedures and relevant documents.
– Collaborate with InfoSec, Privacy and GRC management and internal subject matter experts to support coordination, tracking, and reporting of GRC team strategy and goals; and complete other tasks as assigned.
– Participate in efforts to evolve and streamline GRC solutions, processes and procedures.
– Develop and maintain the status tracking related to findings from information security assessments, Governance, Risk and Compliance, and TPRM due diligence/reassessment assessments and associated remediations.

Senior Analyst, Cybersecurity Governance, Risk and Compliance Qualifications:

– Bachelor’s degree (required) and at least 5 years of combined information technology and information security experience.
– Strong understanding of multiple risk management concepts, frameworks, and standards (CSC, NIST, ISO, COBIT).
– Strong understanding of information security concepts and technologies.
– Strong understanding of due diligence and compliance documents (e.g. SOC II Type II, ISO 27001 Certification, SIG Questionnaires, Certificates of Insurance, Pen Test, etc.).
– Strong communication skills with the ability to interact with various teams.
– Demonstrated experience with the NIST Cybersecurity Framework and auditing security controls identified in NIST SP800-171 and NIST SP800-53A.
– Experience in the analysis of IT and Security control requirements and understanding of associated technology processes.
– Experience working with internal and external auditing firms.
– Fundamental knowledge of MS Outlook, Word, Excel, Visio, and PowerPoint.

Contact our IT Recruiters and IT Recruiting Firm

Next Step Systems is a leader among executive IT recruiting firms with our top technology headhunters. We are specialized IT recruiters based in the Chicago area with technical employment services nationwide; contact us!