Cybersecurity Governance, Risk and Compliance (GRC) Specialist

  • Company: SATORP
  • Employment Type: Full Time
  • Key Skills: Risk Assessment
  • Job Type: Security

Job Summary

  • Provide oversight and management of third-party testing to ensure that controls are adequate to meet legal, regulatory, policy, standards, and IS requirements.
  • Ensure that controls are adequate to meet IS Policies; conduct assessments and audits. Design and implement accurate and thorough governance gap assessments against applicable guidelines, rules, regulations, and best practices.
  • Measure the effectiveness of security controls as prescribed by IS Policy and Standards, regulatory compliance (e.g. ECC Cybersecurity Assessment Tool), the CIS Critical Security Controls, and ISACA’s COBIT.
  • Coordinate a cohesive approach across IS teams to assessing vendor risk across Security, Privacy and Business Continuity through common processes, reporting, and tools.
  • Evaluate the impact of new and changing legal and regulatory requirements, identify potential gaps within IS governance structure and communicate to affected policy owners.
  • Manage IS-wide process for Policies, Standards, Procedures, and other IS governance documents to be developed, updated, reviewed, approved, and communicated to applicable stakeholders.
  • Author and coordinate the development and maintenance of IS Policies, Standards and Procedures with structure, quality, and organization. These will be developed in accordance with legal and regulatory requirements and in compliance with frameworks including but not limited to the National Institute of Standards and Technology (NIST). Collaborate with Subject Matter Experts (SMEs) to gather requirements and deliver documentation.
  • Manage a common framework to map relevant requirements to IS Policy and control objectives in order to create a clear linkage between Policies, Standards, and controls as defined by IS.
  • Facilitate the management and reporting of risks identified by internal and external auditors.
  • Provide key insights and quantified risk analysis for Executive Management to facilitate governance related decision making and justify needed improvements of the governance program including its scope, policies, objectives, controls, processes, and procedures.
  • Work with internal and external entities to facilitate continuous improvement of Information Security in relation to IS's evolving business risks and acceptable risk tolerances.
  • Implement and manage tools and supporting resources across IS to enable teams to effectively leverage risk assessment processes and the Governance, Risk and Compliance (GRC) functions.

About Company

SATORP is a world-class refinery that started operation in June 2014. The environmentally friendly Jubail refinery produces a high proportion of white products from heavy crude oil. The refinery is one of the most advanced refineries in the world.
