Manager, Governance, Risk & Compliance
Germantown, • Direct Hire • December 6, 2021
IT Security Governance, Risk & Compliance
The GRC Manager position is part of the Global Information Security organization within the client's IT organization. The position has global responsibility for managing, directing and support of client’s governance, risk, compliance, and user education technologies, services and activities.
The key actions, outputs, deliverables, products and services include:
• IT Risk Governance service delivery, support and management.
• Management and definition of the Security Awareness Program for the company, including phishing campaigns and metrics.
• Management of the Policies, Standards, and Procedures.
• Management of Risk Assessments.
• Management of Compliance.
• Management of Data Privacy, Data Protection and liaison with Legal on Privacy matters.
• Identification, establishment and sustainment of Risk Governance and Risk Management as it pertains to Cyber Security.
• High quality, reliable, stable, and persistently available Risk Governance technologies and services, worldwide.
• Management, administration, maintenance and support of all Governance, Risk and Compliance technologies and services (end-to-end).
- Manage the technical team responsible for security awareness, compliance and risk management processes and oversee the development, implementation and support of the client's enterprise security governance program globally. This includes user training and awareness for all employees and contractors, policy lifecycle management, compliance, risk assessments, and governance programs such as metrics and reporting.
- Direct the establishment and continuous improvement of governance processes to ensure day-to-day operational stability.
- Development and execution of applicable IT risk standards and processes.
- In partnership with Global Sourcing, select and manage vendors needed for GRC processes (Awareness, Risk Management, Compliance).
- In partnership with Legal and other organizations, establish and maintain Data Protection, Data Privacy and Data Governance processes.
- Development and annual facilitation of applicable Disaster Recovery / Business Continuity solutions and exercises.
- Establish and maintain applicable Enterprise Service Levels (SLAs).
• Departmental / Staff Management
- Establishes, maintains, and manages to a defined staffing plan.
- Management activities related to 1:1s, staffing, promotions, budget, merit reward planning, and staff motivation/engagement.
- Demonstrate full support of the culture of the company and all Human Resources people development processes and activities.
• Strategy and Innovation Leadership
- Provide strategic direction relative to the implementation/use of security governance technologies and solutions.
- Understand the implications of training and compliance processes across geographic and language boundaries.
- Understand the implications of data-centric protection and governance.
• Major/Primary Activities:
Staff Management; Budgeting; Support (RFS & Break/Fix); Provisioning; Reporting; Monitoring; Metrics; Vendor Management; Licensing; RFPs; Disaster Recovery; Consultation; Design; Architecture; Security Awareness; Governance; Process Development
Knowledge and Experience:
The qualified candidate will have:
• Bachelor's Degree in Information Technology, Computer Science or a related discipline, or equivalent work experience.
• 5+ years of experience in a management/leadership role.
• 7+ years of IT/Information Security work experience.
• 4+ years of IT business analysis and design experience with exposure to customers.
• Proven leadership skills with the ability to manage staff, manage conflict, deal with ambiguity, negotiate and make timely decisions.
• An advanced understanding of, and practical application experience with, security governance related technologies and services.
• Prior experience interfacing with customers, managing supplier relationships and managing projects through the phases of the project delivery lifecycle, from process design through production support.
• Excellent communication skills with demonstrated ability to write clear, concise business communication for multiple levels (management, technical, and user).
• Security certification preferred: CISSP, CISM, GIAC or CISA.