Kforce Inc

Director of Cybersecurity GRC

Kforce Inc Alexandria, VA
No longer accepting applications

Responsibilities

Kforce has a client that is seeking a Director of Cybersecurity GRC in Alexandria, VA. Responsibilities:

  • Plan, build, run and manage operational resilience and business continuity management (BCM) program in accordance with industry standards and frameworks. Applicable scope of responsibilities includes Business Impact Analysis (BIA); Business Continuity Plan (BCP); Cybersecurity Incident Response Plan (CIRP); Disaster Recovery Plan (DRP)
  • Plan, build, run and manage governance, risk, and compliance (GRC) program in accordance with industry standards and frameworks. Applicable scope of responsibilities includes Enterprise Risk Management Program; Enterprise Data Privacy Program; Third Party Risk Management Program; Security Behavior and Culture Program; Vulnerability Management Program
  • Perform essential activities at the organization, business process, and information system levels of the organization to help prepare the organization to manage its business resiliency, continuity, and disaster recovery capabilities using industry standards and frameworks
  • Perform essential activities at the organization, business process, and information system levels of the organization to help prepare the organization to manage its security and privacy risks using industry standards and frameworks

Requirements

  • Bachelor's degree in a related field such as Business, Information Technology, or Cybersecurity
  • Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM)
  • Certified Business Continuity Professional (CBCP), Certified Business Continuity Manager (CBCM), Business Continuity and Resiliency Professional (BCRP), desired
  • Certified Information Privacy Professional (CIPP), Certified Information Privacy Manager (CIPM), and/or Certified Information Privacy Technologist (CIPT), and/or related professional BCM certification is desired
  • Minimum ten years of demonstrable continuous growth and expertise in successfully planning, implementing, and sustaining an enterprise risk management program compliant with the NIST Cybersecurity Framework and NIST Privacy Framework
  • Minimum five years of demonstrable continuous growth and expertise in successfully planning, implementing, and sustaining organizational resiliency programs compliant with NIST, ISO 22301, or equivalent industry standards
  • Demonstrable leadership skills, particularly project management, influence and relationship building, and conflict identification and resolution. Program success depends heavily on cooperation and commitment from every level of business, and from personnel in many different roles. Proven influence and leadership skills are critically important
  • Demonstrable oral and written communication skills, with the ability to communicate business and IT risks and their impacts on business productivity, profitability, reputation, and brand effectively with a broad range of personnel at all levels and in all areas, as well as communicate their impacts to business partners, business and IT service providers and other external stakeholders

The pay range is the lowest to highest compensation we reasonably in good faith believe we would pay at posting for this role. We may ultimately pay more or less than this range. Employee pay is based on factors like relevant education, qualifications, certifications, experience, skills, seniority, location, performance, union contract and business needs. This range may be modified in the future.

We offer comprehensive benefits including medical/dental/vision insurance, HSA, FSA, 401(k), and life, disability & ADD insurance to eligible employees. Salaried personnel receive paid time off. Hourly employees are not eligible for paid time off unless required by law. Hourly employees on a Service Contract Act project are eligible for paid sick leave.

Note: Pay is not considered compensation until it is earned, vested and determinable. The amount and availability of any compensation remains in Kforce's sole discretion unless and until paid and may be modified in its discretion consistent with the law.

This job is not eligible for bonuses, incentives or commissions.

Kforce is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.

  • Seniority level: Mid-Senior level
  • Employment type: Full-time
  • Job function: Information Technology
  • Industries: Newspaper Publishing, Book and Periodical Publishing, and Printing Services
