Your reporting line will be to the Chief Information Security Officer (CISO), and your primary responsibility will be to spearhead the establishment of a new Governance, Risk, and Compliance (GRC) capability at our NYC office. While we already have a well-established GRC Program in Sydney, we aim to leverage our existing frameworks and establish a GRC presence in NYC.
You'll be integrated into a team of cybersecurity specialists, tapping into their expertise to implement necessary controls and assess their effectiveness. Your mission is to closely collaborate with various departments, including product, engineering, legal, finance, HR, and other business units, to conduct regular compliance audits across the organization.
1. Assist in the implementation and automation of security frameworks and controls across our operational environment.
2. Drive the ongoing enhancement of our cybersecurity program by challenging the existing norms, identifying areas of cyber risk, suggesting improvements, and aligning with industry best practices.
3. Provide support for our internal auditing program.
4. Prepare for external compliance audits and manage the collection of control evidence.
5. Contribute to routine risk assessments and oversee the management of our risk treatment plan.
6. Support our third-party risk management initiative by conducting risk and security assessments for both new and existing vendors.
7. Maintain a set of performance metrics to gauge control effectiveness and support strategic decision-making.
8. Create and maintain high-quality process documentation and standard operating procedures.
9. Oversee the handling of client security questionnaires to facilitate client onboarding.
10. Coordinate various information security calendar events within the company, such as regular penetration tests, auditing activities, reviews, and more.
11. Foster a culture of security awareness by keeping training materials up to date and occasionally conducting sessions on relevant topics.
1. A minimum of 4 years of relevant experience in supporting Governance, Risk & Compliance programs.
2. A genuine passion for cybersecurity as a means to drive business success in a fast-paced environment.
3. Proficiency in security frameworks such as the ISO 27000 family, SOC 2, PCI-DSS, CIS, NIST, and others.
4. Experience in conducting internal audits in alignment with ISO 27001 and SOC 2 is desirable.
5. Demonstrated ability to decipher complex compliance requirements and design and implement scalable processes that do not hinder business operations.
6. Experience in reporting compliance metrics with meticulous attention to detail and a focus on achieving outcomes.
7. A natural inclination towards creating and maintaining documentation.
8. Strong verbal and written communication skills, coupled with stakeholder management experience, enabling you to translate security and technical information into clear, business-oriented language.