Sr. Governance & Risk Management Lead
BCForward is looking for a Sr. Governance & Risk Management Lead for their client in Indianapolis. This position could become permanent for the right candidate.
The Sr. Governance & Risk Management Lead will tactically develop, implement, and execute the Information Security risk management and policy/controls management programs, and will oversee the IT risk management program.
The Sr. Governance & Risk Management Lead will tailor standards and controls to risks, and will coordinate and validate Governance, Risk, and Compliance (GRC) activities such as pre-checks, self-assessments, remediation, gap tracking, remediation recommendations, policy and standard interpretation, risk management assistance, general support, and projects.
- Execute the risk management function of the information security program to ensure risks are identified, assessed, and monitored.
- Develop and review policies/standards for adequacy and alignment with industry best practices.
- Execute the strategy for managing audits, compliance obligations, and external assessment processes with internal/external auditors.
- Continuously improve current GRC processes and procedures.
- Perform assessments of controls and standards adherence and make recommendations regarding adequacy of security controls.
- Perform assessments of third-party adherence to controls and standards.
- Develop, maintain, and communicate security metrics, reporting, and status updates.
- Provide Security GRC subject matter expertise to Business and IT areas.
- Perform other duties as assigned to ensure the smooth functioning of the department and maintain the reputation of the organization as a viable business partner.
Knowledge, Skills, & Abilities
- Experience implementing or working with Information Security GRC programs.
- Participate in or lead complex incident/problem resolutions with other cross-functional teams.
- Perform various functions and duties in support of audit and compliance deliverables.
- Operate with a high degree of independence to achieve day-to-day objectives with significant impact on project objectives and deliverables.
- Familiarity with industry best-practice frameworks for managing information security risk and compliance (NIST CSF, NIST Risk Management Framework, COBIT, etc.).
- Proven track record of meeting commitments with the highest standards of ethics and integrity.
- Ability to foster a culture of transparency and a sense of purpose among the team and create clear accountabilities and metrics.
- Strong judgment and decision-making.
- Continuous learning mentality.
- Excellent interpersonal, written/verbal communication, and presentation skills.
Required Education and/or Certifications
- Bachelor of Science in Computer Science, Information Systems Management, or equivalent degree.
- Possess industry certifications (CISSP, CISA, CRISC, etc.) or be willing to obtain.
Required Work Experience
- 2+ years of related experience in Information Security/IT Risk Management fields, or equivalent experience.
- Experience implementing a risk management program and/or performing information security audits or risk assessments.
- Familiarity with SOC 1 and SOC 2 reporting and processes preferred.
- Skills in documenting risk and compliance activities.
Interested candidates, please send your resume in Word format. Please reference job code 94333 when responding to this ad.