Job description
GuidePoint Security provides trusted cybersecurity expertise, solutions and services that help organizations make better decisions and minimize risk. By taking a three-tiered, holistic approach for evaluating security posture and ecosystems, GuidePoint enables some of the nation’s top organizations, such as Fortune 500 companies and U.S. government agencies, to identify threats, optimize resources and integrate best-fit solutions that mitigate risk.
General Description
We are looking for a skilled Managerto lead the corporate Governance, Risk, and Compliance (GRC) team. This role will assist the Senior Director, CIS, to execute the internal GRC strategy while ensuring alignment with business objectives and adherence to relevant regulations and standards.
Additionally, this role will foster partnership and cooperation between and among security and compliance functions, and coordinate with Corporate Security Engineering to facilitate alignment of Corporate Information Security (CIS) initiatives.
The Manager, GRC, leads various aspects of the security and compliance program; mentoring a team of Information Security Specialists while delivering the GRC team’s portfolio of services and other duties as assigned.
Roles and Responsibilities:
- Manage and lead a team of four Information Security Specialists and the processes comprising the GRC team’s portfolio of services.
- Develop, disseminate, and maintain enterprise information security policies, standards, and procedures, and deliver the associated training program to all personnel.
- Establish and maintain relevant security risk metrics.
- Manage internal and external Privacy standards and initiatives.
- Help inform and maintain the company’s Business Resilience Strategy.
- Perform security- and privacy-centric reviews for contracts, Requests for Information (RFIs), and Requests for Proposals (RFPs).
- Conduct risk assessments (e.g., enterprise annual, Commercial off the Shelf software and supplier reviews, etc.) and recommend risk mitigation strategies.
- Support, facilitate and manage the response to internal and external audits and assessments of GuidePoint’s security program.
- Ensure GuidePoint’s Suppliers align with required controls and standards through the Third-Party Risk Management process and providing subject matter expertise in crafting the security exhibit appended to suppliers’ service agreements.
Required Experience:
- Undergraduate degree in cybersecurity/computer science and five years of work experience or eight or more years of work experience in Information Security.
- At least 3 years’ experience in a managerial role.
- Knowledgeable about and experienced aligning security programs with regulatory requirements (e.g., CMMC, GDPR; HIPAA; NYSDFS; etc.) and industry security frameworks (e.g., NIST, ISO, etc.).
- Previous experience with security and privacy control definition, design, and implementation.
- Experience with managing internal and external compliance audits and assessments.
- Privacy experience including fielding Data Subject requests and performing Data Privacy Impact Assessments.
- Familiarity with reviewing, developing, monitoring, testing, and implementing contingency planning measures in support of the organization’s critical functions.
- Excellent communication skills and demonstrated ability to engage with stakeholders at all levels, including cross-functional collaboration experience.
- Excellent organization skills, self-directed, and self-motivated.
- Preferred requirements:
- CISA, CISM, and/or CISSP certifications.
- Experience working with Jira, Confluence, Veza, BitSight (or other supplier risk management tools).
Travel Requirements:
- Up to 10% Travel
We use Greenhouse Software as our applicant tracking system and Zoom Scheduler for HR screen request scheduling. At times, your email may block our communication with you. Please be sure to check your SPAM folder so that you don’t miss updates on your application.
Why GuidePoint? GuidePoint Security is a rapidly growing, profitable, privately-held value added reseller that focuses exclusively on Information Security. Since its inception in 2011, GuidePoint has grown to over 1000 employees, established strategic partnerships with leading security vendors, and serves as a trusted advisor to more than 4,200 customers.
Firmly-defined core values drive all aspects of the business, which have been paramount to the company’s success and establishment of an enjoyable workplace atmosphere. At GuidePoint, your colleagues are knowledgeable, skilled, and experienced and will seek to collaborate and provide mentorship and guidance at every opportunity.
This is a unique and rare opportunity to grow your career along with one of the fastest growing companies in the nation.
Some added perks….
- Remote workforce primarily (U.S. based only, some travel may be required for certain positions, working on-site may be required for Federal positions)
- Group Medical Insurance options: Zero Deductible PPO Plan (GuidePoint pays 90% of the premium for employees and 70% for family plans (spouse/children/family) or High Deductible Health Plan with HSA (GuidePoint pays 100% of the employees premiums and 75% for family plans (spouse/children/family) and GPS will contribute in one lump sum: ($500 per EE annually / $1000 per family annually (includes spouse/children/family options)
- Group Dental Insurance: GuidePoint pays 100% of the premium for employees and 75% of family plans
- 12 corporate holidays and a Flexible Time Off (FTO) program
- Healthy mobile phone and home internet allowance
- Eligibility for retirement plan after 2 months at open enrollment
- Pet Benefit Option
