Manager, Information Security GRC
Company: Endeavor
Location: Atlanta
Posted on: November 1, 2024
Job Description:
The Challenge
We are looking for a dynamic Information Security GRC Manager to
support Information Security, IT, and the business by performing
various governance, risk, and compliance activities as part of the
OneTrust InfoSec GRC team, including customer assurance, risk
management, audits (internal and external), policies (standards,
procedures, SOPs), etc.
This role is critical to support OnePlan of maturing security
processes and posture at OneTrust within the information security
GRC domain.
Your Mission
- Develop, mature, and operate a global customer assurance
function.
- Be the center of providing trust to our customers throughout
the sales lifecycle.
- Work directly with customers and internal stakeholders to
demonstrate OneTrust's security posture and alignment with industry
best practices and applicable laws.
- Grow a global program dedicated to addressing and anticipating
customer security and compliance requirements.
- Develop SME-level expertise in the security features of
OneTrust's products and infrastructure.
- Lead information requests, including completing questionnaires,
providing supporting documentation, partnering with product and
engineering teams to clarify discrepancies, and communicating
results in an organized manner.
- Collaborate and manage multiple business unit stakeholders to
mature the compliance process.
- Create, modify, and design policies and content; oversee
maintenance of critical procedural documents.
- Partner with organizational leaders to find creative and
innovative ways to address and manage risks effectively.
- Develop metrics to track the effectiveness and maturity of the
security program.
- Manage and oversee all aspects of security audits, both
internal and external, to ensure compliance with industry standards
and regulatory requirements.
- Oversee security compliance audits and work with
cross-functional teams to collect evidence.
- Manage and develop audited internal controls in support of
audited policies and procedures.
- Perform and document testing of those controls and champion
recommendations for remediation.
- Define and track security & compliance audit lifecycle
metrics.
You Are
- A Relationship builder: Ability to listen, build rapport, and
credibility as a strategic partner vertically and
horizontally.
- An Innovator: Ability to seek alternatives and recommend best
solutions that gain all parties' support and lead to win-win
results.
- Value Driven: Detail-oriented with an eye for quality.
- Ability to work with minimal oversight.
- Ability to execute given high-level direction.
- Asks good questions and always learning.
- Planning, supporting, and/or executing audits (customer-driven,
internal, external).
- Ability to communicate clearly, both verbally and in
writing.
- Ability to collaborate and coordinate with multiple teams and
vendors.
- Ability to work independently and as part of a team.
- Ability to multitask and prioritize effectively.
- Keen attention to details while keeping the big picture in
mind.
- Ability to mentor, train, and educate other security & GRC
personnel.
- Highly skilled communicator and influencer with the ability to
describe complex concepts in easily consumable terms.
- 3-5 years managing a global team.
- Understanding of applicable laws and regulations and security
standards and frameworks including, but not limited to, ISO 27001,
27017, 27701, SOC 2, PCI-DSS, HITRUST, etc.
- Understanding of technology domains including governance, risk
management, security, privacy, customer assurance, information
technology, and business continuity.
- Bachelor's degree in a related field or equivalent experience
required.
- Must have demonstrable experience as a GRC professional both in
a management setting and as an individual contributor.
- Advanced planning/organizational, problem-solving, analytical,
consulting, time management, and decision-making skills
required.
- Ability to effectively communicate technical security plans,
strategies, and designs to all levels of the company.
- Must be detail-oriented and able to maintain a high degree of
accuracy.
- 1+ certifications such as CISA (Certified Information Systems
Auditor), CISSP, CISM, CRISC, etc.
Extra Awesome
- Demonstrable experience working at a hyper-growth SaaS
company.
- 5+ years' experience in policy management.
- 2+ years' experience in security awareness training.
- 3+ years' experience in DR/BCP.
#J-18808-Ljbffr
Keywords: Endeavor, Marietta , Manager, Information Security GRC, Executive , Atlanta, Georgia
Didn't find what you're looking for? Search again!
Loading more jobs...