Enterprise Risk Management (eGRC Lead Consultant)
This is a consulting position with a client of Tiva Systems in San Ramon/CA
The ideal candidate will have demonstrated strong performance in this role and gain instant credibility to help mature GRC practice.
? Develops and maintains risk assessment reporting to achieve desired business outcomes.
? Plans for enterprise GRC technology deployment aligned with CISOtechnology roadmap 3+ years
? Follows architecture principles to guide day-to-day needs and annual planning/prioritization initiatives.
? Adjusts risk tracking/reporting for technology trends, vulnerability changes, and compliance gaps
? Interpret regulations as they apply to products, processes, practices and procedures.
? Evaluate current policies, procedures, and documentation for compliance with government laws and regulations
? Create and updaterisk register, treatments, and assessments
? Perform on-going periodic information securityrisk assessments and compliance testing
? PCI Compliance Manager, PCI-DSS
? BCP, Business continuity planning, someone who can run this program
? Education and awareness
? Enterprise Risk Management
? Vulnerability Management
? Overall 10+ years experience in IT Security, eGRC, Risk Management, Compliance, BCP, Vulnerability Management
? At least 3years of experiencewith Metricstream or RSA Archer or equivalent GRC tool, including maintaining a risk register
? 5+ years of relevant work experience in large enterprise environments with at least 3years work experience in information technology governance, risk & compliance.
? 3+ years?experience implementing/maintaining data protection for US and EU data privacy regulatory requirements
? Eligible for DoD security clearance to support US government risk management and cybersecurity frameworks
? Solid knowledge and experience of IT controls across all security domains such as access management, encryption, vulnerability management, networksecurity, etc.
? Expert knowledge of risk management approaches and processes required, including proven implementation experience.
? Professional certifications such as CISSP, CISM, CISA, or CRISC a plus
? Bachelor?s degree in Computer Science, Computer Engineering or related field.
Keywords: IT Security Consultant, Risk Management Lead, GRC Lead, GRC Consultant, IT Compliance Manager, IT Audit Manager, Senior PCI Consultant, Senior Security Consultant, Information Security Compliance Manager, IT Audit Consultant, Senior Manager - Compliance, IS Manager, Compliance and Security Manager, IT Risk & Compliance Manager, IT Auditor