Information Protection GRC Manager-Immediate Need-Direct Client

23 Jun 2024

Vacancy expired!

Hi, we have a direct client requirement for Infosec GRC - BA @ Miami, FL

Title: GRC Manager

Duration: Long Term

Location: Miami, FL

Description

The Information Security Governance, Risk and Compliance Manager serves in a critical and influential leadership position responsible for the planning, oversight and management of the Global Information Security Program to protect the confidentiality, integrity and availability. The role reports to the CISO and leads Governance, Risk and Compliance (GRC) work for Information Security.

The GRC (governance, risk and compliance) Manager is the owner of the Information Security Governance, Risk and Compliance program. This position will demonstrate and foster a strong culture of practical compliance across all staff members and continue to drive the development, introduction and adoption of impactful policy, standards and processes to meet our compliance objectives. Considerations include, but are not limited to, SOX, PCI, HITRUST and the overall Information Security Risk Management program.
  • Own and manage the Information Security Compliance management in planning, implementing and maintaining the IT Sarbanes-Oxley (SOX), PCI and HITRUST programs and managing IT/System/Process Owners evidence deliverables and remediation activities
  • Define IT SOX, PCI and HITRUST success criteria and disseminate them to involved parties throughout activities cycle, scheduling plans, including resources, issue identification, resolution processes, communications, risk management, and status reporting.
  • Work closely with Internal Audit, Finance teams, IT teams, and Business line process owners
  • Work with owners to collect evidence deliverables on a regular scheduled basis and maintain the schedule
  • Assist business owners with the identification, understanding, and development of operational SOP, PCI and HITRUST controls that effectively demonstrate compliance with regulatory obligations
  • Build, manage and drive through the organization the Information Security Risk Management program, including 3rd party Security Risk Assessments
  • Identify and manage new security compliance requirements, emerging threats and cyber risks to incorporate into the Cybersecurity and risk and compliance programs
  • Develop, implement and coordinate the Information Security Risk Management Program
  • Develops a deep understanding of operational risks and drives the response process in order to minimize the impact of these risks.
  • Develops and supports strategic plans and projects to meet Global Security and SOC goals and objectives
  • Develop, implement, maintain and enforce Global security policies, standards and guidelines.
  • Developing and implementing short- and long-term solutions to meet business needs through new and existing applications.
  • Recommends and enforces the implementation of security practices and procedures.
  • Coordinates the selection, installation, implementation, testing, and administration of information security software packages that will protect and monitor the integrity of data and applications.
  • Advises leadership with timely intelligence on security issues and/or events.
  • In conjunction with the Internal and external auditors, performs periodic audits to assure compliance with security policies and standards; and recommends enhancements.
  • In addition to technical system and security developments, keeps abreast of changes to existing and proposed local and federal legislation and regulatory laws pertaining to information system security and privacy.
  • Keeps management aware of the regulatory changes that will affect information privacy, information processing and/or security standards and techniques.
  • Perform Information Security Program maturity self-assessments and recommend changes and new initiatives
  • Establish and maintain metrics and program control mechanisms to track program progress as well as the current state of defences and protections
  • Maintain expertise on security trends through training, research and development to mitigate potential security exposures
  • Manage, promote and monitor the Global Information Security training and awareness program
  • Bachelor’s degree
  • Professional certifications desirable; Certified Internal Auditor (CIA), Certified Information Systems Auditor (CISA), Certified in the Governance of Enterprise IT (CGEIT) or the like
  • 10 years of Information Security experience
  • 5 years of experience in leading and managing Information Security Risk and Compliance
  • Strong knowledge of third party risk management
  • Advanced knowledge of information security risk assessment design and delivery
  • Knowledge of security and control standards and frameworks such as IT SOX, ISF, ISO2700x, COBIT, HIPAA, PCI - their use and assessment.
  • Understanding of IT systems security concepts, trends and practices.
  • Experience with IT Security Assessments.
  • Project management skills
  • Certification such as CISM, CISA, and/or CISSP preferred.

  • ID: #43566032
  • State: Florida South Florida 33101 South Florida USA
  • City: South Florida
  • Salary: Depends on Experience
  • Job type: Contract
  • Showed: 2022-06-23
  • Deadline: 2022-08-21
  • Category: Et cetera