Manage core risk management responsibilities, including creating and maintaining the firm's cybersecurity policies and standards and building awareness of policies and standards with technology delivery personnel across the firm.
Work collaboratively to build technical standards and define these standards across each tier of the control framework, ensuring standards are aligned with the company policies and control framework.
Assist in the development and maintenance of a policy compliance program that reflects the importance of conforming to cyber best practice while preserving the tenets of entrepreneurialism and self-governance. This includes levers such as awareness, operational enablers, and consequence management.
Support essential efforts to ensure control maturity scores are accurately captured and serve as an advisor to portfolio/system leads on risk management-related topics.
Conduct periodic risk assessments and provide insights for various governance bodies on risks and adherence to company policies and standards.
Manage our governance, risk and compliance (GRC) platform and tooling, ensuring consistency with risk frameworks.
Our Ideal Candidates Are:
Knowledgeable about industry standards and best practices
Well versed in application and cloud infrastructure cybersecurity and its practices
Strong ability to structure and synthesize feedback into clear, effective written documents, particularly leadership updates and policies
Good verbal communication skills, with the ability to build trust and convey expertise in high-pressure situations
Self-motivated and independent thinker, willing to challenge and be challenged in a constructive (and non-defensive) manner
Strongly customer centric
Demonstrably values-led and highly ethical
Familiar with cybersecurity policies and standards, and with most of the common cyber frameworks including ISO 27001 and NIST CSF
Breadth of technical understanding across the whole information security landscape
Ability to define and monitor key metrics that identify and communicate progress and highlight risks
Basic Qualifications:
Bachelor's or equivalent experience
4+ years of experience in Information Security with a focus on protecting companies through building a security program, security governance documentation, and engineering systems to be robust and resistant to attack.
Strong knowledge of troubleshooting technologies
Must be able to obtain security clearance.
Preferred Qualifications:
Certified Information Security Manager (CISM) accreditation
Knowledge of cybersecurity as it relates to DevSecOps