

Senior GRC & IT Risk Management Professional

Ekman Associates

This is a Full-time position in Menlo Park, CA posted July 20, 2021.

Job Description

Title: Senior GRC & IT Risk Management Professional
Location: Menlo Park, CA (Remote)

Ekman Associates is a management consulting firm that specializes in developing business, digital, and technology strategy, delivering solutions, and addressing human resource demands.

Summary: The Senior GRC & IT Risk Management Professional role is responsible for developing, integrating, and supporting GRC practices to ensure compliance and reduce risk factors.

Key Skills:
- Ability to build an enterprise-wide GRC program from scratch
- Strong analytical and communication skills
- Knowledge of enterprise GRC, governance, and compliance principles, practices, laws, rules, and regulations
- Understanding of GRC within the IT security domain

Responsibilities:
- Create and implement an enterprise-wide GRC (governance, risk, and compliance) program and processes to automate and continuously monitor information security controls, exceptions, risks, and testing.
- Develop reporting metrics, dashboards, and evidence artifacts.
- Implement security controls, a risk assessment framework, and a program that align to regulatory requirements.
- Evaluate risks and develop security standards, procedures, and controls to manage them.
- Define and document business process responsibilities and ownership of controls in the GRC tool.
- Schedule regular assessments and testing of the effectiveness and efficiency of controls, and create GRC reports.
- Perform internal and external information security risk and exception assessments.
- Assess incidents, vulnerability management, scans, patching status, secure baselines, penetration test results, phishing, and social engineering tests and attacks.
- Document and report control failures and gaps to stakeholders.
- Provide remediation guidance and prepare management reports to track remediation activities.
- Train, guide, and act as a resource on GRC functions for other departments.
- Perform other related duties as assigned.
- Develop and conduct risk assessments using leading frameworks (e.g., ISO, COBIT, NIST).
- Review business and technical assessment questionnaires and evidence.
- Schedule and conduct review calls with business stakeholders and vendors.
- Document and communicate findings and observations to internal and external stakeholders.
- Track open issues and related remediation execution (programmatic).
- Utilize a GRC tool as the central repository for risk and control information.
- Collaborate with internal stakeholders to develop continued program process improvements.
- Report on assessment outcomes, risk levels, and remediation progress.
- Continuously raise awareness of the program through training, info-sessions, and interactions with business stakeholders, security teams, legal, etc.

Qualifications:
- Bachelor's degree with a major in business or management information systems, or relevant experience
- Preferred certifications: CISSP, CISA, CIPP, CRISC, CEH, and/or CISM
- Experience across GRC (security risk assessment and risk management), ISMS audit, gap analysis, incident response program, security awareness program, data loss prevention, identity and access management, vendor assessment program, IT asset management (ITAM), physical security, key and certificate management, patch management, vulnerability management, disaster recovery and business continuity planning, and policy and standard development
- Experience working with GRC tools such as ServiceNow, Archer, MetricStream, etc.
- Threat, vulnerability, business continuity, and risk assessment
- National and international regulatory compliance frameworks such as the NIST Cybersecurity Framework, ISO, SOX, EU DPD, HIPAA, and PCI DSS
- Compliance: PCI DSS, ISO 27001, SSAE 18 SOC 2, HIPAA, HITRUST, SOX, NIST CSF, NIST SP 800 series, FFIEC, COBIT, NYDFS, CIS CSC, GDPR, CCPA
- Preferred skills in Google Docs
- Strong knowledge base in information security, risk management, privacy, operations, enterprise networking, systems evaluation, and architecture
- Strong analytic skills for problem analysis and resolution
- Strong written, verbal communication, and organizational skills, as this individual will be working on multiple projects
- Experience in the development, implementation, and/or maintenance of a global enterprise IT and security risk and control framework
- Experience with IT GRC platforms, including the ability to drive maturity and enhancements to the platform, tools, and methodologies

Qualified Candidates Only: If you wish to learn more about this opportunity and additional qualifications/responsibilities, please submit your resume.

To learn more about Ekman Associates, Inc., please visit our website at .