
Cybersecurity GRC (Governance Risk & Compliance) Consultant

  • Location:

    California

  • Sector:

    Risk & Compliance

  • Job type:

    Temporary

  • Salary:

    US$40 - US$75 per hour

  • Contact:

    Gabriel Moore

  • Contact email:

    Gabriel.Moore@oliverjames.com

  • Job ref:

    JOB-092022-181639_1667251424

  • Published:

    5 days ago

  • Duration:

    12 months

  • Expiry date:

    2022-11-30

  • Start date:

    ASAP


My client, a global (re)insurance firm, is looking for a Cybersecurity GRC (Governance Risk & Compliance) Consultant to join its Enterprise Information Security (EISO) team to:

Analyze and document the Group's risk and compliance policies against internal and external regulatory requirements.

Assist with third-party risk management (TPRM), cyber risk management and cyber compliance services.

Key responsibilities include, but are not limited to:

  • Project management for vendor-led risk assessments
  • Manage risk issues in the enterprise Integrated Risk Platform (IRP)
  • Support the reverse due diligence TPRM process by responding to external audits, examinations, and survey requests
  • Maintain the Enterprise Control Model (ECM) within the IRP
    • Apply control language updates as needed
    • Manage annual control owner confirmation processes
    • Maintain control owners and control performers data
    • Ensure authoritative sources (the regulations and frameworks the controls map to) are kept up to date, including quarterly reviews
    • Map new authoritative sources to the Enterprise Control Model
    • Maintain risk library records
  • Manage the Risk Activity Mapping (RAM) process so that all RAM records in the IRP stay current
    • This includes mapping risk activities to business processes and controls
  • Manage quarterly reporting of key risk indicators (KRIs) and key performance indicators (KPIs) in Tableau and PowerPoint
  • Support annual KRI and KPI development process
  • Support the routine revision and monitoring of information security risk appetite
  • Support routine and ad-hoc information security risk assessments
  • Conduct routine reporting and analysis of risk issues, remediation plans, and risk acceptances

Successful Cybersecurity GRC (Governance Risk & Compliance) Consultants will:

Possess 5+ years of experience in information security risk management, leading or managing assessments, security audits, and/or managing compliance requirements across an enterprise

Have 5+ years of experience with regulatory compliance requirements and frameworks such as NIST SP 800-53, NIST CSF, PCI DSS 3.2 or higher, HIPAA, NYDFS 23 NYCRR 500, ISO 27001/27002, and/or the NAIC Insurance Data Security Model Law

This role requires thorough knowledge of information security risk management.

If you are interested or available, please apply now!
