Manager of Security Governance – Risk – And Compliance

Company: AvidXchange
Location: Charlotte, NC, USA
Salary: $Not Provided – $Not Provided
Type: Full-Time
Degrees:
Experience Level: Senior

Requirements

  • Proven information security professional with a compliance and risk management background.
  • Extensive experience in technology risk, information security risk, or IT audit and assurance.
  • Strong understanding of fundamental information and cyber security concepts and technologies.
  • Demonstrated expertise in stakeholder management with a proactive approach.
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Certified in Risk and Information Systems Control (CRISC)
  • Certified Information Systems Auditor (CISA)

Responsibilities

  • Maintain and update the organization’s Security Risk Register.
  • Identify, evaluate, monitor, and drive accountability for risk control mitigations.
  • Conduct regular risk assessments to evaluate the effectiveness of security controls.
  • Provide consolidated written reports to the Risk Assurance and Audit Committee.
  • Prepare and present comprehensive risk reports to executive leadership.
  • Provide risk management input to the overall Program Security Planning Process.
  • Engage with legal, audit, assurance, and compliance teams to align security risk management practices with regulatory requirements.
  • Contribute to the threat intelligence framework by helping with the identification of emerging risks.
  • Lead internal and external security audits to ensure compliance with relevant standards and frameworks (e.g., ISO27001, NIST).
  • Develop and maintain audit schedules and documentation.
  • Coordinate with auditors and relevant stakeholders to address audit findings and implement corrective actions.
  • Develop and maintain a comprehensive third-party risk management framework.
  • Assess and manage security risks associated with external suppliers and partners.
  • Conduct regular security assessments and audits of third-party vendors.
  • Collaborate with procurement and legal teams to ensure third-party contracts include appropriate security requirements.
  • Design and implement a security awareness program to educate employees on security best practices.
  • Develop and deliver training sessions, workshops, and awareness campaigns.
  • Monitor and measure the effectiveness of security awareness initiatives.
  • Identify opportunities to influence colleague training content.
  • Ensure that audit results are reported accurately and promptly to executive leadership.

Preferred Qualifications

  • A go-getter with an entrepreneurial mindset – that means you are not afraid of taking risks, winning big or facing the unknown.
  • Someone who understands that business is people centric. Connecting with others as humans first allows you to develop mutually beneficial working relationships.
  • Focused on making a difference for our customers. AvidXchange exists to help solve complex problems for our customers so we can all realize our potential.