Position: GRC Manager (Internal)
Location: US Remote
Salary: $125,000 - $150,000 (based on experience)
This role is not open to visa sponsorship or transfer of visa sponsorship including those on OPT and STEM-EXT OPT, nor is it available to work corp-to-corp.
About the Role:
We are seeking a talented and detail-oriented GRC Manager to join our client's dynamic team. As GRC Manager, you will play a critical role in auditing and assessing security postures, ensuring compliance with leading industry standards, and guiding clients through the intricacies of information security frameworks such as PCI DSS, HIPAA/HITECH, SOC, and ISO.
This position offers the flexibility of remote work while occasionally requiring travel to client sites. You will be responsible for conducting PCI and HIPAA assessments, performing gap analyses, and delivering clear, actionable reports that drive improvements in our client's security environments. As a Security GRC Manager, you will be responsible for security governance, risk, and compliance programs in a technology-driven organization subject to frameworks such as PCI, HIPAA, ISO, and SOC. You will play a key role in influencing the organization's cybersecurity posture by assessing security risks, driving their remediation, and ensuring compliance with relevant frameworks. Your technical expertise in security frameworks aligns with industry best practices. This role offers the opportunity to make strategic decisions, provide valuable recommendations, and collaborate with a broad group of bright and energetic individuals.
What You'll Do
Lead and manage all aspects of applicable cybersecurity audits, such as scope definition/validation, audit readiness, walkthroughs, evidence collection, and liaising with external auditors
Drive adoption of relevant security compliance requirements through thorough analysis and prescriptive guidance
Define and lead security risk management process, leveraging automation and partnering with stakeholders to perform hands-on risk assessments
Oversee the policies and standards lifecycle process to ensure they address all relevant cybersecurity requirements
Proactively identify compliance gaps through continuous monitoring, working closely with control owners to identify ways to effectively monitor compliance posture through automation
Document and report identified security or compliance issues and work with control owners on remediation requirements, strategy, and execution, providing recommendations that can be reasonably adopted
Regularly monitor remediation activities for noted findings, and escalate remediation plans that are at risk of becoming overdue
Develop and maintain security reporting to provide real-time and on-demand compliance status
Maintain an up-to-date understanding of emerging trends in information security risks; apply new techniques and trends in line with overall information security objectives
What We're Looking For
5+ years of experience in technology audit, security risk management, and/or security compliance roles, with at least 2-4 years implementing or auditing compliance with key cybersecurity standards (e.g., PCI DSS, HIPAA, ISO 27001, SOC 2, etc.) in a cloud-first environment
Functional knowledge of multiple security domains and information security industry standards and best practices
Experienced with the implementation and/or use of control automation and compliance tools
Effective in building relationships with organizational leaders and influencing senior management
Excellent organizational skills, proactive and self-sufficient with a proven ability to work independently to effectively prioritize and execute tasks
Drive, determination, and the ability to overcome roadblocks and initial objections
Strong project management skills
Strong written and verbal communication and presentation skills
Work Environment:
This is a full-time remote position requiring self-motivation and the ability to complete projects on time. You will join a very fun, energy-filled team ready to attack every project.
How to Apply:
Interviews are scheduled to take place next week, so if you're interested in hearing more about this and other roles, please get in touch ASAP to discuss further at 520-329-5512 or send your resume to a.ortiz@locke-mccloud.com
Locke & McCloud is the US's leading cyber security & information security staffing company. Through our sole focus on the cyber & information security space, we have been able to foster solid relationships with some of the US's most exciting cyber security consultancies & end-users. Our focus on the information security space allows us to help you find the most exciting opportunities in the cyber security market. If you are looking for your next cybersecurity or information security role, please get in touch!
info@locke-mccloud.com