Skip to main content

This job has expired

You will need to login before you can apply for a job.

IT GRC/Security Manager

Employer
Request Technology
Location
Chicago
Salary
160000.00 - 180000.00 USD Annual + Bonus
Closing date
18 Jun 2024

View more

*Hybrid, 3 days onsite, 2 days remote*

*We are unable to sponsor as this is a permanent Full time role*

A prestigious company is looking for an IT Security/GRC Manager. This manager will be a hands–on manager in enterprise GRC for applications, Infrastructure, 3rd party security, vendor risk management, and program management. This manager will manage a team of 2–4 individuals. This role will require experience with SOC2 reporting, ISO27001, NIST, technical writing, etc.

Responsibilities:

  • Lead the GRC program roadmap, status reporting on initiatives, metrics, and delivery of the program services.
  • Lead in the creation and maintenance of security policies, standards, processes, and guidelines. Evaluate exception requests and make approval recommendations to management.
  • Lead and mature the security awareness and phishing program. This includes roadmap development, plan, coordinate, measure, and evaluate cyber training/education courses, methods, and techniques based on instructional needs.
  • Manage and support the 3rd Party Security Vendor Risk Management program, management of SOC2 reporting and ISO27001 certification, and assessments or security requests from clients.
  • Manage control testing, issues management (findings, remediation plans, and exception requests), risk register and reporting.
  • Analyze and stay current with regulations that impact information security/privacy program.

Qualifications

  • Bachelor's degree
  • Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
  • Seven (7) + years of direct experience (Information Security/Governance)
  • Four (4) + years of Information Security experience required. Candidates containing hands on technical experience.
  • Four (4) + years of management experience required.
  • Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC2, SIG are required.
  • Strong knowledge of risk management principles and practices is required.
  • Technical writing experience is required.
  • Business Intelligence/Analytics (Qlik, Tableau, PowerBI) is preferred.
  • Experience with instructional content, educational writing, and technical writing strongly preferred.
  • Governance, Risk, and Compliance (GRC) tool management is preferred.
  • Ability to perform as primary Security Subject Matter Expert (SSME) in a senior or lead capacity.
  • Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation.
  • Demonstrate ability to effectively communicate deeply technical topics at an appropriate level of detail to varied audiences – including IT Subject Matter Experts, senior management and non–technical users
  • Additional skills mapped to Knowledge, Skills, and Abilities (KSAs) based on NIST SP 800–181.

Technologies/Software

  • Strong knowledge of security administration and role–based security controls.
  • Strong knowledge and use of GRC platforms.
  • Strong knowledge of Access/Identity Management technologies.
  • Strong knowledge of BI/Analytics tools.
  • Knowledge of host and network–based anti–malware technologies.
  • Knowledge of authentication technologies and interactions between diverse authentication platforms, both on–site and remote.
  • Knowledge of client and server Firewalling technologies and capabilities.
  • Knowledge of security event management (SIEM), event correlation and analysis technologies.
  • Knowledge of data encryption technologies.
  • Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities.
  • Knowledge of web filtering and email SPAM prevention techniques.
  • Knowledge of vulnerability assessment and forensic investigations tools.
  • Knowledge of mobile device security and Mobile Device Management solutions.

Get job alerts

Create a job alert and receive personalised job recommendations straight to your inbox.

Create alert