Full-Time Senior Security GRC Manager
PayNearMe is hiring a remote Full-Time Senior Security GRC Manager. The career level for this job opening is Senior Manager, and the company is accepting applicants based in Santa Clara, CA, to work remotely. Read the complete job description before applying.
PayNearMe
Job Details
Identify, assess, and mitigate information security risks across the organization.
Maintain and execute a comprehensive IT/IS risk management program.
Leverage, optimize, and automate GRC tools to enhance risk visibility and management.
Conduct risk assessments to ensure compliance with industry standards and regulatory requirements.
Collaborate with internal teams to implement risk mitigation strategies and controls.
Monitor and analyze technology and security control effectiveness to identify risks and areas for improvement.
Develop and maintain risk management policies, procedures, and documentation.
Provide training and guidance to employees on IT/IS risk management best practices.
Stay current with emerging trends and developments in IT/IS risk management.
Provide actionable insights and recommendations in risk reports presented to senior management and stakeholders.
5+ years of experience implementing and managing IT/IS risk management frameworks (e.g. PCI-DSS, NIST, ISO27001, SOC2, CMMC, COSO ERM).
Strong understanding of risk management principles, practices, and frameworks.
Experience conducting assessments and control evaluations against information security regulations and industry standards (e.g. NIST, CIS, FFIEC Guidelines, PCI-DSS, SOC2).
Proficiency with risk management tools and software (e.g. Anecdotes, Archer, ServiceNow, or equivalent platforms).
Demonstrated experience in developing and implementing risk frameworks and conducting risk and control self-assessments (RCSA).
Demonstrated ability to apply GDPR, FedRAMP, and/or FFIEC Guidelines to a security risk framework.
Proven skills in evaluating complex problems, identifying root causes, and developing effective, risk-minded solutions.
Strong communication and interpersonal skills in fostering collaborative working relationships.
Demonstrated capability to work autonomously on complex tasks, while contributing to the success of team and cross-functional objectives.
Excellent organizational skills with a calculated approach to managing competing priorities, ensuring quality, and meeting deadlines.
Preferred Qualifications:
- Relevant certifications (e.g., CRISC, CISSP, CISM, ITIL).
- Experience in the financial technology sector with a publicly traded company.
- Knowledge of cloud security and understanding of cloud platforms (e.g., AWS, Azure, Google Cloud).
- Familiarity with data protection laws and regulations (e.g., GDPR, CCPA, HIPAA).
- Bachelor’s degree in Computer Science, Information Security, Risk Management, or a related field, or equivalent hands-on experience managing IT/IS risk frameworks.