Reporting to the Chief Information Security Officer (CISO), this position will oversee key functions of the Information Security Program, including Governance, Risk & Compliance (GRC) and Third Party Risk Management.
Build out the Risk Management function and expand our existing strategy to the next level of tactical risk in cyber security and business continuity, allowing us to identify and manage more discrete risks.
Being a trusted partner to product and engineering teams.
Simplifying and articulating deep technical concepts and requirements into easily understood terms.
Translating compliance requirements into operational procedures.
4+ years of audit, risk and/or compliance experience as an external or internal function, primarily in regulated environments such as insurance, healthcare or financial services
2+ years of people management experience.
Deep understanding of Information Security risk management concepts from both enterprise and start-up perspectives (e.g. ITIL Change Management vs. DevOps Continuous Delivery)
Knowledge of pragmatic security controls across all security domains such as access management, encryption methods, vulnerability management, network security, etc.
Have start-up DNA: You have demonstrated an ability to thrive in a dynamic start-up environment or have the DNA to do so.
Good understanding of security assurance and trust frameworks (NIST 800-53, ISO 2700x, 23 NYCRR 500, etc.)
Good understanding of privacy and data protection laws (CCPA, GDPR, GLBA Privacy and Safeguards Rules)