Senior Security GRC Manager
Company | PayNearMe
---|---
Location | Remote in USA
Salary | Not Provided
Type | Full-Time
Categories | Technical & Engineering
Degrees |
Experience Level | Senior
Functions | Cybersecurity, IT & Security
Job Description
- Identify, assess, and mitigate information security risks across the organization.
- Maintain and execute a comprehensive IT/IS risk management program.
- Leverage, optimize, and automate GRC tools to enhance risk visibility and management.
- Conduct risk assessments to ensure compliance with industry standards and regulatory requirements.
- Collaborate with internal teams to implement risk mitigation strategies and controls.
- Monitor and analyze technology and security control effectiveness to identify risks and areas for improvement.
- Develop and maintain risk management policies, procedures, and documentation.
- Provide training and guidance to employees on IT/IS risk management best practices.
- Stay current with emerging trends and developments in IT/IS risk management.
- Provide actionable insights and recommendations in risk reports presented to senior management and stakeholders.
Qualifications
- 5+ years of experience implementing and managing IT/IS risk management frameworks (e.g. PCI-DSS, NIST, ISO 27001, SOC 2, CMMC, COSO ERM).
- Strong understanding of risk management principles, practices, and frameworks.
- Experience conducting assessments and control evaluations against information security regulations and industry standards (e.g. NIST, CIS, FFIEC Guidelines, PCI-DSS, SOC 2).
- Proficiency with risk management tools and software (e.g. Anecdotes, Archer, ServiceNow, or equivalent platforms).
- Demonstrated experience in developing and implementing risk frameworks and conducting risk and control self-assessments (RCSA).
- Demonstrated ability applying GDPR, FedRAMP, and/or FFIEC Guidelines into a security risk framework.
- Proven skills in evaluating complex problems, identifying root causes, and developing effective, risk-minded solutions.
- Strong communication and interpersonal skills in fostering collaborative working relationships.
- Demonstrated capability to work autonomously on complex tasks, while contributing to the success of team and cross-functional objectives.
- Excellent organizational skills with a calculated approach to managing competing priorities, ensuring quality, and meeting deadlines.
Preferred Qualifications
- Relevant certifications (e.g., CRISC, CISSP, CISM, ITIL).
- Experience in the financial technology sector with a publicly traded company.
- Knowledge of cloud security and understanding of cloud platforms (e.g., AWS, Azure, Google Cloud).
- Familiarity with data protection laws and regulations (e.g., GDPR, CCPA, HIPAA).
- Bachelor’s degree in Computer Science, Information Security, Risk Management, or a related field, or equivalent hands-on experience managing IT/IS risk frameworks.
Benefits
Not Specified