Cyber Risk and Compliance Manager
Exiger
- Jersey City, NJ
- Permanent
- Full-time
- Manage risk assessments, validation testing, compliance reviews, and audits in accordance with NIST standards.
- Maintain and monitor the central repository for audit evidence and risk findings.
- Collaborate with process owners, external auditors, and other stakeholders in reviewing, monitoring, and resolving findings.
- Develop security training and awareness campaign materials and coordinate approval across the organization's business functions, i.e., HR, Legal, Compliance.
- Manage the policy, standards and policy exceptions management process and coordinate approval and updates with the Information Security Governing body. Involve relevant parties for security risk and compliance issues that span legal, compliance and regulatory requirements.
- Work with other stakeholders to link corporate IT, product, infrastructure, and privacy departments with GRC objectives.
- Assist business units by responding to client inquiries regarding ongoing operational compliance.
- Monitor the effectiveness of the Security Risk Management and Third Party Management functions, including assessing the level and quality of service provided by professional services, including Software Security and Security Controls Assessment services.
- Proactively seek out areas for improvement and offer insightful advice and value-added guidance on process and control enhancements.
- Bachelor's degree in Computer Science, Information Security, or related field.
- 5+ years of experience working in Information Security Governance, Risk, and Compliance.
- Understanding and technical knowledge of key Information Security Governance concepts, including but not limited to, security training and awareness, policy management, metrics, and data protection.
- Understanding and technical knowledge of key Risk Management concepts, including but not limited to, security risk management, information security consulting, third party management, software security, and security architecture.
- Demonstrably strong management skills and the ability to develop, mentor and coach others.
- Ability to develop information security governance operating plans consistent with the strategy and vision of the organization.
- Ability to delegate work to team members and provide clear and effective guidance on implementation of processes.
- Strong written and oral executive communication, including up to the C-level.
- Strong technical understanding of enterprise computing solutions including cloud hosting, SaaS models and oversight responsibilities.
- Discretionary Time Off for all employees, with no maximum limits on time off.
- Industry leading health, vision, and dental benefits.
- Competitive compensation package.
- 16 weeks of fully paid parental leave.
- Flexible, hybrid approach to working from home and in the office where applicable.
- Focus on wellness and employee health through stipends and dedicated wellness programming.
- Purposeful career development programs with reimbursement provided for educational certifications.