Security Governance and Risk Manager
Our direct client, a fast-growing FinTech firm, is looking for an Information Security Governance and Risk Manager. In this role, you will be responsible for developing and leading the company’s security governance and reporting functions. This role will review and enhance policies and procedures, identify and document required security controls, and develop metrics in a security governance program to effectively manage risk. The governance and reporting program should enable the articulation of security risk appetite and identify and report on gaps and areas out of risk tolerance.
The governance and reporting function, in coordination with the company’s enterprise risk team, will act as a challenge function by providing questions and feedback across multiple cyber risk program activities. The function will maintain an independent security risk perspective, consistently and appropriately providing feedback to continuously manage information security risk.
- Develop, lead, and provide information security governance and oversight.
- Monitor and drive the rollout of the information security governance and risk reporting, ensuring that policies, controls, procedures, and resources are in place to effectively manage risk.
- Develop an information security reporting capability across key areas such as identity and access, vulnerability and patching, third party security, cloud, security operations, data security and incident response.
- Coordinate and, where appropriate, lead independent control evaluations (e.g., audits, exams, SOX, and compliance testing), and self-identified issues.
- Lead assessments to support appropriate evaluation of the Information Security Program and maturity (through the FSSCC Cybersecurity Profile and FFIEC CAT).
- Stay current with industry standards, regulatory requirements, and best practices around IT such as FFIEC Guidelines, NIST, ITIL, COBIT, Cloud Security Alliance, etc.
- Develop and maintain effective channels of communication with other risk officers, control functions, and executives.
- Collaborate with senior business and technology leaders and other risk managers to resolve the most challenging risk matters.
- Bachelor’s degree in computer science, technology, or a financial-related discipline (e.g. Business, Economics, Finance, or Accounting), or an equivalent combination of education and work experience
- 5+ years of enterprise experience with emphasis on risk management, information security, or equivalent work experience and training
- Knowledge of key technology rules and regulations, and technology risk management practices (e.g. Information Security, Business Continuity, FFIEC, COBIT, ITIL)
- Negotiation skills and highly collaborative planning ability
- Ability to influence and communicate effectively and impactfully
Job ID: 4745