About the job: IT Risk and Compliance Manager

Basic Qualifications

  • Bachelor's degree in Computer Engineering, Computer Science, Information Technology, Engineering or any related discipline
  • Highly organized, results-oriented, and attentive to details
  • Excellent verbal and written communication, presentation, facilitation, and diplomacy skills
  • Ability to prioritize and multitask; flexibility and adaptability in work approach

Preferred Qualifications

  • 3+ years of hands-on professional experience in cybersecurity, risk management, and security governance practice
  • Knowledge of IT security technical controls
  • Knowledge of information security risk management and governance frameworks and compliance practices
  • Knowledge of securing network technologies, client and server operating systems, and cloud environments
  • Experience in process and control definition based on industry best practices and audit standards
  • Strong project management and organizational skills, with the ability to manage multiple projects simultaneously
  • Ability to clearly interpret and communicate the threats, risks, and impacts throughout the organization
  • Strong knowledge of relevant regulations, standards, and best practices in GRC (e.g., ISO 27001, NIST, CIS, PCI DSS, data privacy law)
  • Previous experience as a systems administrator, systems engineer or security analyst
  • Understanding of operating system hardening principles, network design principles and systems security
  • Understanding of various Cybersecurity domains (GRC, IAM, asset security, security architecture, network security, security operations)
  • Understanding of security analysis, security events, penetration testing
  • Industry certifications preferred (e.g., CISSP, CISM)

Duties and Responsibilities

  • Identify risks associated with protecting information assets
  • Collaborate with and support departments from an information security perspective
  • Monitor compliance with policies
  • Ensure data privacy is being adhered to
  • Implement security controls and solutions according to security governance requirements
  • Set a risk tolerance level that protects information assets and enables business operations to run as smoothly as possible
  • Conduct threat and risk assessments as necessary and review the results
  • Review, manage, and update risk-related processes, procedures, controls, and supporting documents
  • Ensure that the information security governance framework and strategy align with the organization's general risk governance program
  • Track and record information security risks, detailing whether each risk is accepted, not accepted, mitigated, or transferred
  • Identify, assess, and monitor risks to information security and propose mitigation strategies
  • Evaluate the inherent risk of identified threats and calculate the residual risk after mitigation technique(s) have been implemented
  • Build cybersecurity process risk & control framework that is rationalized against applicable laws and standards
  • Conduct industry-standard (e.g., PCI DSS) and data privacy compliance readiness assessments
  • Establish IT security policies, standards, and procedures
  • Manage the IT security training and awareness program
  • Establish metrics and reporting for the IT security function, tailored to various levels of audience
  • Build the risk and compliance programs and roadmap
  • Implement the necessary GRC tools
  • Other IT security tasks as deemed necessary