You will serve as a senior team lead for Governance, Risk and Compliance (GRC) Consulting and Advisory Services, focusing on large-scale security programs. This position requires security and management experience as well as a strong understanding of security frameworks and compliance controls.
Your role will be supporting the development of the GRC operating model and a service-oriented customer engagement model, and supporting the operationalization of various GRC capability areas such as enterprise security risk management, compliance management, policy management, third-party risk management, and metrics and reporting, as the client looks to mature these areas.
You will also lead the operationalization of security compliance programs to support the various compliance regulations that the client needs to comply with, and lead a team of security risk assessment specialists who focus on performing risk assessments that address security threats, changes to systems and/or applications, process improvement initiatives, supplier assessments (including downstream outsourcers) and other requests from the business.
In this role, you'll be responsible for:
- Being a security management "ambassador" to both internal and external customers.
- Working with sales to appropriately scope and manage client engagements.
- Providing guidance and leadership to other risk management team members.
- Managing engagements, including supporting delivery, providing direction for team members, and managing other aspects of the engagement project.
- Mentoring and leading the team.
What we're looking for...
You'll need to have:
- Bachelor's degree or four or more years of work experience.
- Six or more years of relevant work experience.
- Experience in security governance, risk assessments and regulatory/controls.
- CISSP, CISM or CISA certification.
- Experience with the security and privacy controls environment, regulatory landscape and risk management techniques, principles and practices.
- Experience and knowledge of the development and implementation of information security policies, standards and related procedures for security programs.
Even better if you have:
- A degree in information technology or relevant field.
- Eight or more years of experience in security governance, risk assessments and regulatory/controls.
- Ability to assess clients against a wide variety of security and compliance frameworks, including state-based privacy and security regulations, SOX, GDPR, NIST-CSF, ISO 27001/2.
- Ability to provide risk-based recommendations based upon the size and complexity of the client's organization.
- Strong business development capabilities.
- Strong presentation skills with the ability to convey ideas at the C-level.
- Strong written communication skills for use in preparing formal documentation including deliverables, Statements of Work, proposals, white papers, and case studies.
- Strong verbal skills, including the proven capability to clearly articulate thoughts, to be persuasive, and to deliver presentations and training to all levels of management.
- Ability to undertake and complete tasks independently, meet schedules and delivery timelines, and to move swiftly from concepts and theory to action.
- Ability to interface with C-levels, as well as tactical implementers.
- Proven investigative and analysis skills with the demonstrated ability to handle confidential information.
- Willingness to travel.