Senior Security Governance - Remote / Telecommute

  • San Jose, CA
  • Posted 8 hours ago | Updated moments ago

Overview

Remote
On Site
Hybrid
$82hr - $97hr
Contract - W2
Contract - 1 day(s)

Skills

Security Governance

Job Details

Job Description:

Pay Range: $82hr - $97hr
  • The GRC Cybersecurity Risk Manager will lead the operational delivery of the cybersecurity risk management program, support GRC capabilities, and drive remediation activities to mitigate security threats.
  • The role involves collaborating with business and operational teams, conducting risk assessments, and managing security compliance programs to meet various regulatory and security requirements.

Responsibilities:

  • Support the GRC operating model and customer engagement framework.
  • Lead Cybersecurity Risk Management, ensuring effective delivery of the program.
  • Assist in managing GRC capabilities such as compliance, audit management, policy management, security awareness training, and third-party risk management.
  • Perform risk assessments to address security threats, system changes, process improvements, supplier assessments, and other business requests.
  • Collaborate with operational and business teams to complete assessments and develop treatment plans.
  • Track and report remediation activities, providing visibility to leadership and stakeholders.
  • Monitor and assess the security risk profiles of suppliers, identifying high-risk suppliers for further review.
  • Establish and maintain security metrics and reporting, including KRIs and KPIs.
  • Respond to customer security and compliance questionnaires.
  • Serve as a security risk management ambassador to internal customers.
  • Manage and oversee the use of defined risk methodologies to perform IT/Security assessments.
  • Drive remediation activities through planning, scoping, execution, and closure, holding owners accountable for timely delivery.

Qualification And Education:

  • At least 7 years of experience in governance, risk, and compliance, or information security and risk management, with at least 5 years focused on risk management.
  • Functional knowledge of the CISSP security domains, security industry standards, and best practices.
  • Knowledge of regulatory and compliance requirements, including SOX and GDPR.
  • Familiarity with ISMS governance models and certification reports (e.g., ISO 27001, SOC, CAIQ).
  • Ability to communicate risk methodologies and concepts to business units and IT teams.

Skills:

  • Strong experience in defining, developing, and assessing security controls.
  • Excellent interpersonal skills and the ability to work with diverse, globally distributed teams.
  • Strong attention to detail, project management, and organizational skills.
  • Self-starter with the ability to manage independent workloads across multiple time zones.
  • Demonstrated leadership in managing cross-functional teams and program areas to deliver high-quality results.