Location: Arlington, VA

Job ID: 5834


Capital TechSearch is recruiting for an IT Risk and Compliance leader to build an itnernal IT Risk program for a commercial technology company moving to the Washington, DC area. 



Duties:
 Provide vision for GRC and IT Risk program
 Hire and lead the team that will create GRC and IT Risk programs from the ground up
 Work across Business and IT groups to develop governance policies and reporting frameworks
 Engage 3rd party service providers where appropriate



 Primary Areas of Responsibility: 
 Security Vendor Risk program management
 Security Awareness
 Policy & Standards lifecycle management,
 Controls Assurance
 GRC platform and program management



Role:
 Help oversee, evaluate, and support the documentation, validation, assessment, and authorization processes necessary to assure that existing and new information technology (IT) systems meet the organization's cybersecurity and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives.
 Consult with stakeholders to gather and evaluate functional requirements. Provide guidance to stakeholders about applicability of information systems to meet business needs.
 Serve as a subject matter expert for Information Security, consulting to technical management non-technical management, and Legal as necessary.
 Plans, prepares, and executes tests of systems to evaluate results against specifications and requirements as well as analyze/report test results.
 Develop and maintain cybersecurity plans, strategy, and policy to support and align with organizational cybersecurity initiatives and regulatory compliance.
 Define and participate in long-term strategy and planning for GRC programs.
 Conduct evaluations of controls of internal IT program or its individual components to determine compliance with required company policies and compliance standards.
 Assist in the management and support of the GRC technology and Security Governance solutions. Create and maintain system, procedural and support documentation.
 Manage and support the third party security vendor risk management program and lifecycle.
 Document and perform risk assessments for third-parties (e.g., vendors and service providers). Respond to security assessments, questionnaires and audits from clients and third-party business partners.
 Assist in the creation and maintenance of security policies, standards, processes and guidelines for approval by Firm management.
 Evaluate exception requests and make approval recommendations to management.
 Help lead and oversee the lifecycle of the Security Awareness program. This includes roadmap development, plan, coordinate, measure, and evaluate cyber training/education courses, methods, and techniques based on instructional needs



Qualifications:
 Ability to perform as primary Security Subject Matter Expert (SME) in a senior or lead capacity.
 Ability to facilitate and lead internal project and/or 3rd party vendor risk assessments with relative independence and provide guidance on secure design and operation.
 Ability to communicate an effective security awareness message throughout the organization.
 Demonstrate ability to create and maintain security policy, standard, guideline and procedure documents.
 Demonstrate ability to effectively communicate deeply technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users.
 Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG
 Experience with GRC platforms.
 CISSP, CISA, CISM, CRISC or similar preferred


 


To be immediately and seriously considered for this exceptional opportunity please apply below. Your responses will be held in the strictest confidence.

Please call our office if you have any questions. Capital TechSearch, Inc. is an Equal Opportunity Employer.


Apply for this position

  • Accepted file types: doc, docx, pdf, txt.
    File types permitted: .DOC, .DOCX, .PDF, or .TXT
  • Accepted file types: docx, doc, pdf, txt, rtf.
    docx, doc, pdf, or txt files
  • Add any additional information in the notes that describes your value and fit for the position. Additional considerations may include your availability, compensation, and if you are not local to the position, your interest in relocating.

By clicking "Apply" you agree to receive new job updates, information and news from Capital TechSearch, Inc. You can always unsubscribe from our communications at any time.