IT Governance Risk and Compliance (GRC) Team Lead

29 Nov 2024

Vacancy expired!

IT Governance, Risk and Compliance Team Lead

Location: Orlando, FL

Full Job Description: The IT Team Lead – Governance, Risk & Compliance (GRC) oversees a team to maintain the client's high standard of security compliance in a rapidly changing, fast-paced environment. This hands-on role works closely with business units and leadership to develop a risk/security/compliance framework, designing, planning, implementing, testing and auditing compliance requirements to ensure consistent adherence to the requirements of the entities regulating the company (SOX, PCI, 3rd-party risk). This role works cross-functionally at all levels of the enterprise to ensure the security compliance strategy is implemented effectively and in a timely manner.

ROLES AND RESPONSIBILITIES:
  • Takes a leading role in the successful completion of 3rd-party audits based on PCI-DSS and SOX; acts as subject matter expert regarding PCI and SOX compliance requirements and works with all relevant teams to coordinate compliance processes, documents, evidence and approvals
  • Oversees vendor relationships with applicable third-party vendors providing service delivery of GRC-related functions, including but not limited to vendor management, security awareness and professional services
  • Manages relationships with external and internal auditor entities; maintaining awareness of security posture of key vendors, conducting vendor security risk assessments and tracking and reporting on KPIs and metrics
  • Collaborates with Legal Services to review customer and vendor contracts to ensure that information security requirements are met
  • Mentors and trains team members
  • Creates and communicates risk reporting tailored to the relevant audience including educating about the most significant risks to the business units, ensuring appropriate individuals understand the risks that might affect their departments and company
  • Reviews Report on Compliance/Assessment and provides actionable steps on remediation, while advising relevant controls and best practices in line with industry compliance trends
  • Researches and recommends controls aligned with security policies and legal, regulatory and audit requirements
  • Leads the gathering and preparation of documentation to support audits, assessments and data requests from internal and external stakeholders
  • Leads the development and maintenance of Cybersecurity policies, standards and procedures
  • Leads the vendor risk management program
  • Leads the Cybersecurity user awareness program
  • Supports the vulnerability management program by providing reports and conducting follow-up activities to ensure awareness and promote compliance
  • Leads the Cybersecurity risk management program
  • Represents the Cybersecurity GRC team professionally and positively in both formal and informal settings
  • Maintains current, up-to-date knowledge and understanding of PCI-DSS, Sarbanes-Oxley, GDPR, CCPA, HIPAA and associated data security and privacy laws to ensure compliance in operations and products
  • Supports other Cybersecurity functions and teams to ensure holistic implementation of security controls, practices, and programs

REQUIRED TECHNICAL SKILLS:
  • 8+ years' experience working within IT, IT Audit, information security risk, governance, compliance or similar department
  • Practical experience standing up and administering a GRC tool with a mindset for automating processes
  • Experience leading people and developing and delivering project plans and enterprise initiatives
  • One of the following certifications: CISSP, CISA or CISM
  • Two of the following certifications: CRISC, Security+, PCIP, GIAC, CCSP, or equivalent(s)
  • Practical experience with NIST CSF, COBIT 5, PCI-DSS, Sarbanes-Oxley, ISO, SSAE 16 SOC 1, SOC 2 and other frameworks
  • Proven success in developing and using metrics/KPIs to assess, report on and improve program performance
  • Ability to prepare and present internal and external audit evidence
  • Strong understanding of how to secure and maintain compliance with cloud offerings such as Office365, Amazon Web Services (AWS) and Azure, etc.

Education: At least a Bachelor’s Degree (or equivalent experience) in Computer Science, Software/Electronics Engineering, Information Systems or a closely related field is required.

  • ID: #23617468
  • State: Florida (Orlando 32801, USA)
  • City: Orlando
  • Salary: $120,000 - $125,000
  • Job type: Permanent
  • Showed: 2021-11-29
  • Deadline: 2022-01-23
  • Category: Security