GRC Security Risk Specialist

Company: Request Technology - Craig Johnson
Job type: Full-time
Salary:
100 000 - 120 000 USD/Anual

*Position is bonus eligible*
Prestigious Global Firm is currently seeking a GRC Security Risk Specialist. The candidate will work on the Governance, Risk and Compliance team, lead and execute the programs within the GRC team, serve as a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and perform key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management.
RESPONSIBILITIES:
* Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed.
* Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes, guidelines and support documentation.
* Lead, evaluate, and support the processes necessary to assure that Information Technology (IT) systems meet the organization's cyber security and risk requirements.
* Ensure appropriate treatment of risk, compliance, and assurance from internal and external perspectives.
* Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff.
* Manage and support the 3rd Party Security Vendor Risk Management program and lifecycle.
* Manage the exception request process and consult as needed.
* Lead the Security Awareness program. This includes road-map development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs.
* Manage and support the GRC technology platforms.
* Conduct evaluations of an IT program or its individual components to determine compliance with published standards.
QUALIFICATIONS:
* Bachelor's degree or five (5) years of work experience in IT Security is required.
* Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
* Strong knowledge of security frameworks and technologies such as ISO 27001, NIST, SOC, and SIG is required.
* Prior IT Security experience in the legal industry is preferred.
* Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred.
* Four (4) years of Information Security experience required. Candidates with hands-on technical experience are preferred.
* Three or more years of experience managing timelines and being self-directed preferred.
* Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred.
* Client focus, including tact and diplomacy, is required.
* Interview, gather, and understand content from subject-matter experts
* Maintain accurate records and manage client security and risk requests
* Ability to perform as primary Security Subject Matter Expert (SME).
* Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation.
* Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm's security program and controls.
* Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents.
* Demonstrate the ability to communicate technical topics effectively, at an appropriate level of detail, to varied audiences - including IT Subject Matter Experts, senior management and non-technical users.
* Communicates succinctly and effectively
* Strong organization and problem-solving skills required
* Strong project and time management skills required
* Strong reading comprehension skills required
* Strong analytical ability with excellent written and verbal communication skills required
* Strong PC skills with Microsoft Office (i.e. Word, Excel, PowerPoint) required
* Ability to work independently and as a group member is required
* SharePoint administration is preferred for team Intranet site management
* Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options.
* Strong knowledge of risk management principles and practices.
* Strong knowledge of security administration and role-based security controls.
* Strong knowledge and use of GRC platforms.
* Knowledge of host and network-based anti-malware technologies.
* Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote.
* Knowledge of client and server Firewalling technologies and capabilities.
* Knowledge of security event management (SIEM), event correlation and analysis technologies.
* Knowledge of data encryption technologies.
* Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities.
* Knowledge of web filtering and email SPAM prevention techniques.
* Knowledge of vulnerability assessment and forensic investigation tools.
* Knowledge of mobile device security and Mobile Device Management solutions.
* Knowledge of Privileged Access Management technologies.
