What will you be responsible for - Develop, maintain, monitor and enforce IT policies and procedures
- Development, implementation and compliance of information risk management across the enterprise
- Support establishing information security governance framework
- Manage risks related to the use of information technology, information security, privacy, regulatory compliance and governance.
- Drive risk management and governance strategies for emerging technology areas
- Implement higher-level security requirements and integrate security programs across disciplines.
- Maintain updated knowledge in the field of Risk management and Compliance to efficiently work on frameworks including NIST CSF, CIS Controls, HIPAA, PCI DSS, ITIL, etc.
- Remain current with industry best practices and monitor the legal and regulatory environment for developments.
What would your work week look like - Serve as a subject matter expert to ensure and monitor compliance with Industry and Government rules and regulations at Enterprise/Region/Site level. Conduct gap analysis and implement Standards Frameworks like NIST 800 53, CSF, ISO 27001, PCI DSS, HIPAA, NIST, SOX
- Develop and revise Policies, Standards, Processes and guidelines for the enterprise through change management
- Manage and report overall Governance posture and Report Risk performance against established enterprise risk metrics
- Manage Phishing awareness campaigns
- Manage framework for control governance
- Advise business-led technology projects on IT Governance awareness and standards compliance
Who are we looking for - 4-year University (Bachelor's) degree in Computer Science, Information Security, Cyber Security or related field.
- Minimum 5 years of experience in an Information Security/GRC role.
- Minimum 2 years of experience in IT Governance Role.
- Preferred 2 years of experience in Healthcare, Pharma or Bio-Technology organization.
- Enthusiastic, results oriented, having a strategic outlook for Security
- Experience with managing a GRC tool application support life cycle
- Strong written and oral communication skills with the ability to explain technical ideas to non-technical individuals at any level.
- Ability to drive, prioritize, and monitor security programs as per agreed timelines
- Ability to react to high pressure dynamic changing environments
- Ability to communicate IT risk concepts to non-technical people
- Strong problem solving and analytical skills
- Adaptable to shifting priorities, demands, and timelines through analytical and problem-solving capabilities. Able to react to project adjustments and alterations promptly and efficiently.
- Ability to work both independently and as part of a team to deliver quality work product in a timely manner.
|
