IT Risk and Compliance Manager
About the job
Basic Qualification
- Bachelor's degree in Computer Engineering, Computer Science, Information Technology, Engineering or any related discipline
- Highly organized, results-oriented, and attentive to details
- Excellent verbal and written communication, presentation, facilitation, and diplomacy skills
- Ability to prioritize and multitask; flexibility and adaptability in work approach
Preferred Qualifications
- 3+ years of hands-on professional experience in cybersecurity, risk management, and security governance practice
- Knowledge of IT security technical controls
- Knowledge of information security risk management and governance frameworks and compliance practices
- Knowledge of securing network technologies, client and server operating systems, and cloud environments
- Experience in process and control definition based on industry best practices and audit standards
- Strong project management and organizational skills, with the ability to manage multiple projects simultaneously
- Ability to clearly interpret and communicate the threats, risks, and impacts throughout the organization
- Strong knowledge of relevant regulations, standards, and best practices in GRC (e.g., ISO 27001, NIST, CIS, PCI-DSS, Data Privacy Law)
- Previous experience as a systems administrator, systems engineer, or security analyst
- Understanding of operating system hardening principles, network design principles and systems security
- Understanding of various Cybersecurity domains (GRC, IAM, asset security, security architecture, network security, security operations)
- Understanding of security analysis, security events, penetration testing
- Industry certifications preferred (e.g., CISSP, CISM)
Duties and Responsibilities
- Identify risks associated with protecting information assets
- Collaborate with and support departments from an information security perspective
- Monitor compliance with policies
- Ensure data privacy is being adhered to
- Implement security controls and solutions according to security governance requirements
- Set a risk tolerance level that protects information assets and enables business operations to run as smoothly as possible
- Conduct threat and risk assessments as necessary and review the results
- Review, manage, and update risk-related processes, procedures, controls, and supporting documents
- Ensure that the information security governance framework and strategy align with the organization's general risk governance program
- Track and record information security risks, detailing if the risk is accepted, not accepted, mitigated, or transferred
- Identify, assess, and monitor risks to information security and propose mitigation strategies
- Evaluate the inherent risk of identified threats and calculate the residual risk after mitigation technique(s) have been implemented
- Build a cybersecurity process risk and control framework that is rationalized against applicable laws and standards
- Conduct industry standard (e.g., PCI-DSS) and data privacy compliance readiness assessments
- Establish IT security policies, standards, and procedures
- Manage IT security training & awareness program
- Establish IT security function metrics and reporting for various levels of audience
- Build the risk and compliance programs and roadmap
- Implement the necessary GRC tools
- Other IT security tasks as deemed necessary