Manager, Risk Management

To Apply for this Job Click Here

Job Title: Manager, Risk Management

Location: Hybrid

Job-Type: Direct-Hire

Overview:
The Risk Manager is an individual contributor role with accountability for ensuring the effectiveness of the organization’s information security governance framework and works as part of a team to assess cybersecurity and technology risks against established frameworks, standards, policies, and methodologies. This role involves analyzing, monitoring, and reporting on the company’s security policies, procedures, and standards to ensure compliance with regulatory and industry requirements. The Risk Manager collaborates closely with internal teams, stakeholders, and leadership to provide insights and recommendations for continuous improvement in security governance and risk management. The role also reviews and documents deficiencies, advocates for change and, when appropriate, escalates issues to senior risk leadership.  The ideal candidate is business-minded, with five or more years’ experience in technology and security administration or security risk management. Practical hands-on technology experience in security principles, risk management and some business acumen is ideal.

Essential Functions:

• Lead in developing, maintaining, and implementing information security governance body (e.g.: Policies, Standards, Controls, etc.) following industry best practices and regulatory requirements.
• Analyze current governance models and identify gaps or areas for improvement.
• Perform risk analysis based on observations such as interviews, documentation review, and technical assessments.  Collaborate with partners in Information and Cyber Security, Privacy, Compliance, Third Party Risk Management, IT and OT practitioners, and Internal Audit, across the enterprise to ensure understanding of potential business impact(s) resulting from identified risks.  Identify Drivers, Preventive Controls, Risks themselves, Mitigating Controls, and Impacts from those Risks.
• Serve as a liaison between the IT Security, Risk, and business departments to ensure cross-functional collaboration on security governance initiatives.
• Lead efforts with business owners to create treatment plans to address risk drivers, facilitate communication and education of policies and standards for key stakeholders and employees.   
• Support the coordination of security governance-related tasks within the broader IT or security projects. 
• Support the design and implementation of security governance projects or programs, including change management initiatives.   

Qualifications:

• Bachelor’s degree in Computer Science, Information Security, or Information Systems/Technology
• 5+ Years working experience, with a minimum of 5 years in IT Security and Governance or Risk Management is preferred.
• Active certifications in one of the related areas of security and governance such as CISA, CISSP, CRISC, etc are preferred. 

Knowledge, Skills, and Abilities:

• Experience with GRC tools such as OneTrust, Archer, etc. MS Office Suite
• High level of integrity and trust
• Keeps abreast of current and emerging technical information security developments.
• Attending meetings and GRC related conferences.
• Ability to plan, coordinate, and execute complex Governance and IT Security assignments, design and apply tools, techniques, and procedures to maintain the highest standards of Governance and IT Security.

Employment Eligibility: Gravity cannot transfer nor sponsor a work visa for this position. Applicants must be eligible to work in the U.S. for any employer directly (we are not open to contract or “corp to corp” agreements).
 

To Apply for this Job Click Here