GRC Manager
Job Title: GRC Manager
Primary Location: Chicago, IL (Hybrid)
Position Type: Direct Hire
Overview
TalentFish is casting a line for a Security GRC Manager. This is a Direct Hire role in Chicago, IL. The Security GRC Manager is responsible for leading the Governance, Risk and Compliance (GRC) team and the programs within the group. The position is a hands-on personnel and program management role and performs key risk management functions within the Security Governance department. Primary functions include management of client responses, Policy & Standards, Security Vendor Risk program management, Security Awareness, Controls Assurance, Compliance Management, and GRC tool management.
Role
What You Bring to the Role (Ideal Experience)
- Bachelor's degree is preferred
- Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
- Seven (7) + years of direct experience (Information Security/Governance) is required.
- Four (4) + years of Information Security experience required. Candidates with hands-on technical experience are preferred.
- Four (4) + years of management experience required.
- Strong knowledge of security frameworks and technologies such as ISO 27001, NIST, SOC2, and SIG is required.
- Strong knowledge of risk management principles and practices is required.
- Technical writing experience is required.
- Business Intelligence/Analytics (Qlik, Tableau, PowerBI) is preferred.
- Prior IT Security experience in the legal industry is preferred.
- Experience with instructional content, educational writing, and technical writing strongly preferred.
- Three (3) + years of experience managing timelines and being self-directed preferred.
- Governance, Risk, and Compliance (GRC) tool management is preferred.
- Client focus, including tact and diplomacy is required.
- Ability to interview subject-matter experts and gather and understand content from them.
- Ability to perform as primary Security Subject Matter Expert (SSME) in a senior or lead capacity.
- Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation.
- Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm's security program and controls.
- Ability to communicate an effective security awareness message throughout the organization.
- Demonstrated ability to create and maintain security policy, standard, guideline, and procedure documents.
- Demonstrated ability to effectively communicate deeply technical topics at an appropriate level of detail to varied audiences, including IT Subject Matter Experts, senior management, and non-technical users.
- Additional skills mapped to Knowledge, Skills, and Abilities (KSAs) based on NIST SP 800-181.
- Program management: Lead the GRC program roadmap, status reporting on initiatives, metrics, and delivery of the program services.
- Policy management: Lead in the creation and maintenance of security policies, standards, processes, and guidelines. Evaluate exception requests and make approval recommendations to management.
- Security training and awareness: Lead and mature the security awareness and phishing program. This includes developing the roadmap and planning, coordinating, measuring, and evaluating cyber training / education courses, methods, and techniques based on instructional needs.
- Program assessments: Manage and support the third-party Security Vendor Risk Management program, management of SOC2 reporting and ISO 27001 certification, and assessments or security requests from clients.
- Risk management: Manage control testing, issues management (findings, remediation plans, and exception requests), risk register and reporting.
- Governance: Analyze and stay current with regulations that impact the information security / privacy program.
Seniority level: Entry level
Employment type: Full-time
Job function: Other
Industries: Law Practice