Information Security GRC Manager

Confidential Company  •  Great Neck, NY

8 - 10 years experience  •  Consumer Goods / Miscellaneous

$160K - $170K
Posted on 09/22/17 by Lori Sklarski


The Information Security GRC Manager is responsible for the development and delivery of the Company's Information Security Program, which includes information security risk management across the organization.

This program ensures that all physical and digital information assets and technologies, as well as employee, client and Corporate data are adequately protected.

This role is responsible for defining and maturing the 2nd line of defense (Information Security Risk Management Program) and providing management with updates on the overall security posture of the organization.

This role reports directly to the Director of Information Security Governance, Risk, Compliance and Strategy.

Responsibilities: The Information Security GRC Manager will be tasked with managing the following Information Security Programs: Enterprise Technology Risk Management, Third Party Risk Management, Data Governance, Security Awareness & Training, and Compliance. The Information Security GRC Manager will work alongside the Director of Information Security Strategy and Governance and other IS team members to identify ways to innovate and mature the Information Security program. The Manager will be responsible for reviewing and escalating issues and shall ensure sound security practices are built into the program.


  • Enterprise Technology Risk Management
  • Third Party Risk Management
  • Data Governance
  • Security Awareness & Training
  • Compliance


  • B.S. in a technology discipline (Computer Science, Information Management, Computer Engineering, Cybersecurity or equivalent); Security certifications such as CompTIA Security +, CISSP, CISA, CCNA or equivalent or working towards certification is preferred
  • 7-10 years' experience working directly in an Information Security or Information Technology department, with experience in developing or managing Security Programs
  • Strong knowledge of security as it relates to technology. Working experience with Varonis, CyberArk, Proofpoint, Apperature, Skyhigh, Titus, Microsoft Enterprise Mobility Suite, Azure Information Protection, GRC tools or similar
  • Familiarity with Windows and SQL network vulnerabilities
  • Experience with Operational Technology (OT) environments and securing manufacturing devices a plus
  • Strong knowledge & understanding of Network design, topologies
  • Strong understanding of a "hacker's" mentality
  • Excellent written and oral communications skills; ability to lead discussions, present complex ideas to audiences of all sizes, and interact with all levels of the organization
  • Ability to self-manage, work independently with little direction and/or supervision but also work collaboratively in a team environment
  • Working knowledge of the following frameworks and regulations: ISO27001/2, SANS Top 20 Critical Security Controls, ISF Standard of Good Practice, HIPAA Privacy Rule and Security Rule
  • Ability to prioritize and multitask and a work approach that supports flexibility and adaptability is paramount
  • Detail oriented and ability to think outside of the box to propose solutions to risks
  • Ability to communicate security risks to non-technical business stakeholders