\nTitle: Cybersecurity GRC Manager\n\nLocation: Remote\n\n\nReports to: Chief Information Security Officer (CISO)\n\nJob Purpose: LTK is looking to add a Cybersecurity GRC Manager who can lead our efforts in governance, risk, and compliance responsibilities from a security and technology perspective across the organization. This individual will lead the Security GRC Team and will be directly responsible for implementing, maintaining, and improving policies, procedures, and internal controls to assure compliance with applicable regulatory and legal requirements, as well as best practices.\n\nAs a GRC Manager, you'll be working to improve the Security Risk Management Program and work closely with various teams such as DevOps, Engineering, and Product teams. The GRC manager will oversee global security strategy and programs fostering a culture where security is everyoneโs responsibility. The right person for this role will have experience with guidelines, standards and policies across different businesses and industries.High touch, global organization with exposure to IT systems and helping to build the foundation that will drive business transformation.\n\nQualifications: \n\nThe ideal candidate is someone who has:\n\n\n8 + years of IT/Cybersecurity experience in relevant security domains (e.g. compliance, audit, security risk management)\n\n3+ years of Project Management experience\n\nDeep knowledge of and hands-on experience with Amazon Web Services (AWS)\n\n* Created and built a Project Managing IT Governance, Risk, or Compliance (GRC) process from scratch\n\nExperience as the main point of contact for GRC related initiatives and has worked cross-functionally with internal teams: Legal, Privacy, Tech, IT Vendor Management and other business unites\n\n* Direct experience managing SOC2 readiness activities as well as remediation and certification efforts\n\n* Managed compliance initiatives across business units e.g. GDPR, CCPA, PCI, Privacy, Internal/External Audits, 3rd Party Vendor Management and SOC2 \n\n* One or more industry certificates e.g. CISM, CRISC, CISA, CIPM, CISSP\n\n\n\n\nKey Responsibilities:\n\n\nManage the remediation of risks identified through the risk register process and contribute towards improving the overall risk management program. It may include leading annual security assessments, completing written reports of results to be shared with the Executive Leadership Team and other senior leaders.\n\nContinuously improve the Information Security Risk Management Program and oversee a Business Continuity Program\n\nDevelop and maintain all relevant documentation, policies, standards, guidelines and frameworks, embedding controls into processes across the business and technology units.\n\nAssists in the early identification of risk trends by establishing and monitoring key performance and key risk indicators via Risk and Business Impact Assessments.\n\nEducates risk owners on risk management best practices and works with other risk functions (e.g. Internal Audit and Legal) in the development and implementation of risk controls and treatment plans.\n\nLead the security exception process, including leading the completion of security exceptions, tracking and following up on alternative mitigating action items included within approved security exceptions.\n\nManage relationships with key internal stakeholders providing transparency on broader Information Security programโs operational efficiency including timelines and budget\n\nManage the creation of new or leading the maintenance of existing security and privacy policies, standards and specifications to ensure they are current and appropriately aligned with applicable laws, regulations, and the evolution of security risks\n\n* Support the maintenance and build-out of repositories, tools, and documentation for third party risk assurance\n\n\n\n\n \n\n\n\n \n\n#Salary and compensation\n
No salary data published by company so we estimated salary based on similar jobs related to Amazon, Senior, Legal and Non Tech jobs that are similar:\n\n
$65,000 — $125,000/year\n
\n\n#Benefits\n
๐ฐ 401(k)\n\n๐ Distributed team\n\nโฐ Async\n\n๐ค Vision insurance\n\n๐ฆท Dental insurance\n\n๐ Medical insurance\n\n๐ Unlimited vacation\n\n๐ Paid time off\n\n๐ 4 day workweek\n\n๐ฐ 401k matching\n\n๐ Company retreats\n\n๐ฌ Coworking budget\n\n๐ Learning budget\n\n๐ช Free gym membership\n\n๐ง Mental wellness budget\n\n๐ฅ Home office budget\n\n๐ฅง Pay in crypto\n\n๐ฅธ Pseudonymous\n\n๐ฐ Profit sharing\n\n๐ฐ Equity compensation\n\nโฌ๏ธ No whiteboard interview\n\n๐ No monitoring system\n\n๐ซ No politics at work\n\n๐ We hire old (and young)\n\n
\n\n#Location\nDallas, Texas, United States
๐ Please reference you found the job on Remote OK, this helps us get more companies to post here, thanks!
When applying for jobs, you should NEVER have to pay to apply. You should also NEVER have to pay to buy equipment which they then pay you back for later. Also never pay for trainings you have to do. Those are scams! NEVER PAY FOR ANYTHING! Posts that link to pages with "how to work online" are also scams. Don't use them or pay for them. Also always verify you're actually talking to the company in the job post and not an imposter. A good idea is to check the domain name for the site/email and see if it's the actual company's main domain name. Scams in remote work are rampant, be careful! Read more to avoid scams. When clicking on the button to apply above, you will leave Remote OK and go to the job application page for that company outside this site. Remote OK accepts no liability or responsibility as a consequence of any reliance upon information on there (external sites) or here.
Frontpage
๐ Remote jobs
๐ Dark mode
๐ฉโ๐ป Hire remote workers
๐จ Post a remote job
๐ฑ Compact mode
โ๏ธ Remote work blog new
Health insurance for teams
Hacker News mode
Safe for work mode
