Cybersecurity Governance, Risk, & Compliance Manager

EagleView Technologies

Rochester, NY

Industry: Professional, Scientific & Technical Services

5 - 7 years

Posted 36 days ago

Job Description

The Cybersecurity Governance, Risk, & Compliance Manager position is responsible for managing risks related to information security, privacy, governance, vendor security assurance, policy, and compliance. The role contributes to preserving the high standards of confidentiality, integrity, and availability of EagleView mission-critical information. It conducts cybersecurity risk assessments, evaluates controls, and provides feedback to management and process owners on the design and effectiveness of control processes. It implements and maintains ongoing programs and processes to test the design and operational effectiveness of security controls, and is responsible for ensuring that IT assurance and compliance-related activities are completed in accordance with industry standards and regulatory requirements. The position reports to the Director of Cybersecurity and is responsible for managing the key functions of information risk management, data protection compliance, governance, and information security assurance.

Primary Responsibilities

  • Ensure compliance with laws, regulations, and industry standards (e.g. PCI, ITAR, ISO 27001:2013, NIST 800-X).
  • Create processes to support effective risk identification, evaluation, communication, and remediation.
  • Assist Legal, Engineering, and Sales with customer and vendor contractual negotiations related to security and data privacy obligations.
  • Analyze controls for adequacy of design and perform and/or support control assurance testing activities.
  • Contribute to corporate information risk management strategy, policies, standards, and tactical plans.
  • Contribute to a comprehensive internal security audit program that validates existing ISO 27001/NIST security controls.
  • Contribute to the company-wide security awareness program and compliance training.
  • Coordinate annual enterprise risk assessment and PCI-self assessment activities.
  • Ensure all systems, processes, and changes are formally documented.
  • Work closely with internal and external auditors, regulators, and examiners, including coordination and compilation of technology documentation requests, reports, and assurance letters to ensure security compliance.
  • Maintain the Risk Register.
  • Ability to work collaboratively with internal and external departments, vendors, and other key stakeholders.
  • Excellent written and verbal communication skills.
  • Ability to work independently; self-starter.

Skills & Requirements

  • Bachelor's degree in a technology or business-related field (BSc or BBA preferred).
  • 5 years previous experience in Information Security, Risk Management, or IT audit.
  • 5 years of project management experience.
  • Certification such as SANS GIAC, CISA, or CISSP preferred.
  • Previous experience in a software development company is preferred.
  • Understanding of controls and risks sufficient to identify and evaluate control effectiveness and identify gaps between risks and controls.
  • Working knowledge of federal and state data protection laws, e.g., PCI-DSS, Breach Notification Laws, etc.
  • Working knowledge of business and risk assessment methodologies/mitigation strategies using industry standards, e.g., COBIT, ITIL, ISO 27001:2013, NIST, OWASP, etc.
  • Critical thinking and analytical ability.
  • Excellent verbal and written communication skills.
  • Ability to react to high-pressure dynamically changing environments.