IT Risk and Compliance Manager

Employer Active

1 Vacancy
Jobs by Experience

4-5 years

Job Location

Manila - Philippines

Monthly Salary

Not Disclosed

Job Description

  • Identify risks associated with protecting information assets
  • Collaborate with and support departments from an information security perspective
  • Monitor compliance with policies
  • Ensure data privacy is being adhered to
  • Implement security controls and solutions according to security governance requirements
  • Set a risk tolerance level that protects information assets and enables business operations to run as smoothly as possible
  • Conduct threat and risk assessments as necessary and review the results
  • Review, manage, and update risk-related processes, procedures, controls, and supporting documents
  • Ensure that the information security governance framework and strategy align with the organization's general risk governance program
  • Track and record information security risks, detailing whether each risk is accepted, not accepted, mitigated, or transferred
  • Identify, assess, and monitor risks to information security and propose mitigation strategies
  • Evaluate the inherent risk of identified threats and calculate the residual risk after mitigation technique(s) have been implemented
  • Build a cybersecurity process, risk & control framework that is rationalized against applicable laws and standards
  • Conduct industry standard (e.g. PCI-DSS) and data privacy compliance readiness assessments
  • Establish IT security policies, standards, and procedures
  • Manage the IT security training & awareness program
  • Establish IT security function metrics and reporting for various levels of audiences
  • Build the risk and compliance programs and roadmap
  • Implement the necessary GRC tools
  • Other IT security tasks as deemed necessary


Requirements

  • Bachelor's degree in Computer Engineering, Computer Science, Information Technology, Engineering or any related discipline
  • Highly organized, results-oriented, and attentive to details
  • Excellent verbal and written communication, presentation, facilitation, and diplomacy skills
  • Ability to prioritize and multitask. Flexibility and adaptability in work approach
  • 3+ years hands-on cybersecurity professional experience, risk management, and security governance practice
  • Knowledge of IT Security Technical controls.
  • Knowledge of information security risk management and governance frameworks and compliance practices
  • Knowledge of securing network technologies, client, and server operating systems and cloud environments
  • Experience in process and control definition based on industry best practices and audit standards
  • Strong project management and organizational skills, with the ability to manage multiple projects simultaneously
  • Ability to interpret clearly and communicate the threats, risks, and impacts throughout the organization
  • Strong knowledge of relevant regulations, standards, and best practices in GRC (e.g., ISO 27001, NIST, CIS, PCI-DSS, Data Privacy Law)
  • Previous experience as a systems administrator, systems engineer or security analyst.
  • Understanding of operating system hardening principles, network design principles and systems security
  • Understanding of various Cybersecurity domains (GRC, IAM, asset security, security architecture, network security, security operations)
  • Understanding of security analysis, security events, penetration testing
  • Industry certifications would be preferred: (e.g., CISSP, CISM, etc.)

Employment Type

Full Time
