Develop, maintain, monitor and enforce IT policies and procedures
Develop, implement and ensure compliance with information risk management across the enterprise
Support establishing an information security governance framework
Manage risks related to the use of information technology, information security, privacy, regulatory compliance and governance.
Drive risk management and governance strategies for emerging technology areas
Implement higher-level security requirements and integrate security programs across disciplines.
Maintain updated knowledge in the field of Risk management and Compliance to efficiently work on frameworks including NIST CSF, CIS Controls, HIPAA, PCI DSS, ITIL, etc.
Remain current with industry best practices and monitor the legal and regulatory environment for developments.
What would your work week look like?
Serve as a subject matter expert to ensure and monitor compliance with industry and government rules and regulations at Enterprise/Region/Site level. Conduct gap analysis and implement standards frameworks like NIST 800-53, CSF, ISO 27001, PCI DSS, HIPAA, NIST, SOX.
Develop and revise Policies, Standards, Processes and guidelines for the enterprise through change management
Manage and report overall governance posture and report risk performance against established enterprise risk metrics
Manage Phishing awareness campaigns
Manage framework for control governance
Advise business-led technology projects on IT Governance awareness and standards compliance
Who are we looking for?
4-year University (Bachelor's) degree in Computer Science, Information Security, Cyber Security or related field.
Minimum 5 years of experience in an Information Security/GRC role.
Minimum 2 years of experience in an IT Governance role.
Preferred 2 years of experience in a Healthcare, Pharma or Bio-Technology organization.
Enthusiastic, results-oriented, with a strategic outlook for security
Experience with managing a GRC tool application support life cycle
Strong written and oral communication skills with the ability to explain technical ideas to non-technical individuals at any level.
Ability to drive, prioritize, and monitor security programs as per agreed timelines
Ability to react to high-pressure, dynamically changing environments
Ability to communicate IT risk concepts to non-technical people
Strong problem solving and analytical skills
Adaptable to shifting priorities, demands, and timelines through analytical and problem-solving capabilities. Able to react to project adjustments and alterations promptly and efficiently.
Ability to work both independently and as part of a team to deliver quality work product in a timely manner.