Manager, Cybersecurity Governance and Compliance
New York City - PARK
Ares Management Corporation
Over the last 20 years, Ares’ success has been driven by our people and our culture. Today, our team is guided by our core values – Collaborative, Responsible, Entrepreneurial, Self-Aware, Trustworthy – and our purpose to be a catalyst for shared prosperity and a better future. Through our recruitment, career development and employee-focused programming, we are committed to fostering a welcoming and inclusive work environment where high-performance talent of diverse backgrounds, experiences, and perspectives can build careers within this exciting and growing industry.
Job Description
We are seeking a highly motivated Cybersecurity Governance, Risk and Compliance (GRC) professional who will be responsible for monitoring and supporting our global IT and Security related GRC efforts. Responsibilities of a successful candidate would also include ensuring the organization's adherence to Cybersecurity policies, standards, and procedures, developing sector-specific security training programs, managing cybersecurity risk, and maintaining compliance with relevant regulations and security frameworks. This candidate must have excellent technical writing skills, strategic process development capabilities, and a deep understanding of various industry-standard cybersecurity frameworks. A successful candidate will be expected to participate in cross-functional support of programs run and operated by our Compliance, Enterprise Risk Management, Internal Audit, and Legal teams. This candidate should also have excellent verbal communication skills with the ability to present GRC information to internal and external parties.
The candidate will be part of a talented team of Cybersecurity Professionals that demonstrate excellent technical competencies. This is an opportunity to support mission-critical Cybersecurity Governance efforts by ensuring we are proactively identifying gaps in security and proposing security controls to address them. If you are a candidate looking to be a part of a dynamic team that continuously challenges itself, is committed to learning and improving, and is passionate about cybersecurity, then this could be the right opportunity for you!
Primary Functions & Responsibilities
Write policies, standards, procedures, guidelines, and other technical security documents.
Design technical and administrative enforcement mechanisms for defined security rules.
Develop and deliver sector specific annual cybersecurity awareness training and manage overall cybersecurity training program, including phishing campaigns and other components of training.
Contribute to data governance working group initiatives around data security and data privacy.
Select, design, develop and implement security controls within our internal control catalog.
Facilitate security control testing and integrate controls into existing processes.
Maintain inventory of succinct and accurate security program descriptions for answering RFPs/RFIs/DDQs/etc.
Coordinate comprehensive risk assessment within the risk management program and develop/propose risk mitigation strategies.
Conduct security TPRM for Vendors at onboarding, contract review, RFP/RFI, and annual re-assessments while managing the continuous monitoring strategy.
Maintain GRC Metrics, risk tolerances/triggers.
Develop automated reports and use data visualization tools to visualize GRC KPIs.
Interpret audit request lists and perform evidence collection activities in support of various audits.
Minimize user disruption due to burdensome security controls or duplicative evidence collection.
Education:
Bachelor’s degree in Cybersecurity, Engineering, Information Security, Information Technology, Computer Science or other related disciplines.
Experience Required:
5+ years of Governance, Information Technology, Security, or Risk Management experience in the finance or technology sector.
General Requirements:
Fundamental understanding of and familiarity with global cybersecurity regulatory requirements and security frameworks (e.g., National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), International Organization for Standardization (ISO) 27001, American Institute of Certified Public Accountants (AICPA) Trust Services Criteria, General Data Protection Regulation (GDPR)).
Strong technical writing skills for policy, standard, and procedure writing/editing.
Strong strategic process development skills with a tendency toward automation.
Proven experience conducting cybersecurity risk assessments and compliance audits.
Familiarity with security controls implementation, monitoring, and improvement.
Excellent communication skills to collaborate with cross-functional teams and stakeholders.
Experience using data visualization tools to develop reports.
Ability to build automated workflows using tracking software such as JIRA.
Reporting Relationships
Compensation
The anticipated base salary range for this position is listed below. Total compensation may also include a discretionary performance-based bonus. Note, the range takes into account a broad spectrum of qualifications, including, but not limited to, years of relevant work experience, education, and other relevant qualifications specific to the role.
$160,000 - $190,000
The firm also offers robust Benefits offerings. Ares U.S. Core Benefits include Comprehensive Medical/Rx, Dental and Vision plans; 401(k) program with company match; Flexible Savings Accounts (FSA); Healthcare Savings Accounts (HSA) with company contribution; Basic and Voluntary Life Insurance; Long-Term Disability (LTD) and Short-Term Disability (STD) insurance; Employee Assistance Program (EAP), and Commuter Benefits plan for parking and transit.
Ares offers a number of additional benefits including access to a world-class medical advisory team, a mental health app that includes coaching, therapy and psychiatry, a mindfulness and wellbeing app, financial wellness benefit that includes access to a financial advisor, new parent leave, reproductive and adoption assistance, emergency backup care, matching gift program, education sponsorship program, and much more.
Tags: Audits Automation Compliance Computer Science Finance GDPR Governance Jira KPIs Monitoring NIST Privacy RFPs Risk assessment Risk management Strategy
Perks/benefits: 401(k) matching Career development Flex hours Health care Insurance Medical leave Salary bonus Wellness