Manager - Cybersecurity GRC & Data Privacy

Benefits:

• Competitive compensation

• Medical, Dental, and Vision insurance

• 401(k) Retirement Savings Plan with substantial company match

• Life and Travel Insurance

• Tuition Assistance

• Wellness Reimbursement Program

• Paid Holidays and Vacation

What is a Manager - Cybersecurity Governance, Risk, & Compliance (GRC) & Data Privacy?

The Cybersecurity GRC & Data Privacy Manager is responsible for ensuring the organization complies with relevant regulatory, privacy, and security frameworks. This role oversees governance, risk management, and compliance (GRC) activities, while also ensuring data privacy policies and practices align with industry standards and legal requirements. The manager will collaborate across departments to identify risks, implement security controls, and foster a culture of compliance.

What does a Manager - Cybersecurity GRC & Data Privacy do?

The Cybersecurity GRC & Data Privacy Manager is responsible for the following:

Overall:

• Aides in the development of the Cybersecurity roadmap and strategy

• Responsible for the cybersecurity risk register

• Responsible for GRC & data privacy programs, roadmaps, and operations

• Responsible for creation, maintenance, and roadmap for all cybersecurity policies and process library

• Responsible for records and information management

• Responsible for SOX controls and audits

• Communicates and ensures information security programs, and other assigned frameworks are in compliance with regulatory applicable laws, policies, organizational security policies and standards.

• Lead efforts to establish and implement integrated cyber security and risk management solutions.

• Aligns cyber strategies with the strategic direction of the organization.

• Develop and monitor a strategic, comprehensive cyber security and risk management program (including strategy, policies, standards, processes, and guidelines) to ensure the integrity and confidentiality of information owned, controlled or processed by the organization.

• Lead cross-functional teams to enhance the organization’s security posture and ensure compliance with legal and regulatory standards

• Act as a point of contact for regulatory authorities and external stakeholders on cybersecurity and data privacy matters

• Collaborate with IT, legal, and business units to ensure proper implementation of security controls and data privacy measures

• Stay up to date on global data privacy regulations and GRC strategies and ensure the organization adapts to changes

• Provides storm/emergency response support

Governance, Risk, and Compliance:

• Develop, implement, and maintain GRC policies and programs, ensuring compliance with regulations (e.g., ISO 27001, NIST, NERC, GDPR)

• Establishes information security baseline and advances information security maturity model (e.g. C2M2, NIST)

• Conduct risk assessments to identify security gaps and vulnerabilities across the organization

• Establish and enforce security frameworks, standards, and best practices

• Collaborate with business units to ensure adherence to cybersecurity policies and practices

• Oversee third-party risk management, ensuring vendors comply with security and privacy requirements

• Lead audits (internal and external) and manage the remediation of non-compliant findings

• Responsible for overall compliance of Cybersecurity program, remediation of assessment findings, and risk reduction strategy

• Responsible for the cybersecurity risk register

• Track and report on key cybersecurity and compliance metrics for executive leadership.

Data Privacy:

• Oversee the development and implementation of data privacy policies and procedures to ensure compliance with relevant data protection laws

• Ensure the proper handling of personal data and responding to data subject requests

• Manage data privacy risk assessments and data protection impact assessments

• Provide guidance on data privacy issues related to new projects, technologies, and partnerships

What does it take to be a Manager - Cybersecurity GRC & Data Privacy?

Required:

• Bachelor’s degree in Cybersecurity, Computer Science, Information Technology or related field of study and 5 years of experience in Cybersecurity, GRC, data privacy or related. In lieu of a bachelor’s degree, an associate’s degree in the forementioned fields with 7 years of related experience or a high school diploma or equivalency degree and 9 years of related experience will be considered

• Proven leadership, facilitation, and organizational skills with at least 3 years of experience in a leadership role

• Proven experience in cybersecurity management with a focus on risk management and compliance

• Proven experience with industry standards & frameworks such as NIST, ISO, GDPR, etc.

• Proven experience with cybersecurity incident response

• Proven experience with creating and maintaining external and internal relationships with key stake holders

• Strong understanding of cybersecurity frameworks, standards, and best practices

• Excellent knowledge of risk assessment strategies

• Excellent communication skills, with the ability to collaborate effectively with diverse teams

• Analytical mindset with the ability to assess complex situations and make informed decisions

• Proven ability to present at all levels of the organization

• A strong background with an understanding of the intersection between business and cybersecurity to improve security practices

• Ability to influence business decision-making by providing quantitative/qualitative data analytics, metrics, and analysis

• A results-oriented mindset with the ability to solve problems and make decisions

• Ability to work with limited direct supervision and professionally respond to constructive feedback

• Valid driver’s license

Preferred:

• Experience working with global regulatory frameworks

• Familiarity with emerging technologies and their impact on data privacy and security

• Experience in Energy & Utilities or services industry

• Experience with Microsoft PowerBI

• Experience with data visualization tools

• Relevant certifications such as CISSP, CISM, CRISC, CIPP, CIPM or comparable

Pay range: $136,800-211,900

Please go to https://www.cenhud.com/employment. Click the “Search Career Opportunities” button. Follow the directions to submit an application and upload your resume for the desired position.

Applications sent via e-mail and US Mail will not be accepted.  No phone calls or agencies, please.  All replies will be held in strict confidence.

All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of race, creed, color, ethnicity, arrest or conviction record, religion, sex, sexual orientation, gender identity or expression, national origin, age, disability, citizenship, genetic information, familial status, marital status, pregnancy-related condition, domestic violence victim status, veteran or military status, or any other characteristic protected by federal, state or local laws. Central Hudson Gas & Electric Corporation takes affirmative action in support of its policy to employ and advance in employment individuals who are minorities, women, protected veterans, and individuals with disabilities.

VEVRAA FEDERAL CONTRACTOR