Manager - Cybersecurity GRC & Data Privacy

Poughkeepsie, United States

Central Hudson

Resources and information for customers of Central Hudson Gas & Electric

Benefits:

  • Competitive compensation

  • Medical, Dental, and Vision insurance

  • 401(k) Retirement Savings Plan with substantial company match

  • Life and Travel Insurance

  • Tuition Assistance

  • Wellness Reimbursement Program

  • Paid Holidays and Vacation

What is a Manager - Cybersecurity Governance, Risk, & Compliance (GRC) & Data Privacy?

The Cybersecurity GRC & Data Privacy Manager is responsible for ensuring the organization complies with relevant regulatory, privacy, and security frameworks. This role oversees governance, risk management, and compliance (GRC) activities, while also ensuring data privacy policies and practices align with industry standards and legal requirements. The manager will collaborate across departments to identify risks, implement security controls, and foster a culture of compliance.

What does a Manager - Cybersecurity GRC & Data Privacy do?

The Cybersecurity GRC & Data Privacy Manager is responsible for the following:

Overall:

  • Aids in the development of the Cybersecurity roadmap and strategy

  • Responsible for the cybersecurity risk register

  • Responsible for GRC & data privacy programs, roadmaps, and operations

  • Responsible for the creation, maintenance, and roadmap of all cybersecurity policies and the process library

  • Responsible for records and information management

  • Responsible for SOX controls and audits

  • Communicates and ensures that information security programs and other assigned frameworks are in compliance with applicable regulatory laws, policies, and organizational security policies and standards.

  • Leads efforts to establish and implement integrated cyber security and risk management solutions.

  • Aligns cyber strategies with the strategic direction of the organization.

  • Develops and monitors a strategic, comprehensive cyber security and risk management program (including strategy, policies, standards, processes, and guidelines) to ensure the integrity and confidentiality of information owned, controlled or processed by the organization.

  • Leads cross-functional teams to enhance the organization’s security posture and ensure compliance with legal and regulatory standards

  • Acts as a point of contact for regulatory authorities and external stakeholders on cybersecurity and data privacy matters

  • Collaborates with IT, legal, and business units to ensure proper implementation of security controls and data privacy measures

  • Stays up to date on global data privacy regulations and GRC strategies and ensures the organization adapts to changes

  • Provides storm/emergency response support

Governance, Risk, and Compliance:

  • Develops, implements, and maintains GRC policies and programs, ensuring compliance with regulations (e.g., ISO 27001, NIST, NERC, GDPR)

  • Establishes information security baseline and advances information security maturity model (e.g. C2M2, NIST)

  • Conducts risk assessments to identify security gaps and vulnerabilities across the organization

  • Establishes and enforces security frameworks, standards, and best practices

  • Collaborates with business units to ensure adherence to cybersecurity policies and practices

  • Oversees third-party risk management, ensuring vendors comply with security and privacy requirements

  • Leads audits (internal and external) and manages the remediation of non-compliant findings

  • Responsible for overall compliance of Cybersecurity program, remediation of assessment findings, and risk reduction strategy

  • Responsible for the cybersecurity risk register

  • Tracks and reports on key cybersecurity and compliance metrics for executive leadership.

Data Privacy:

  • Oversees the development and implementation of data privacy policies and procedures to ensure compliance with relevant data protection laws

  • Ensures the proper handling of personal data and the proper response to data subject requests

  • Manages data privacy risk assessments and data protection impact assessments

  • Provides guidance on data privacy issues related to new projects, technologies, and partnerships

What does it take to be a Manager - Cybersecurity GRC & Data Privacy?

Required:

  • Bachelor’s degree in Cybersecurity, Computer Science, Information Technology or related field of study and 5 years of experience in Cybersecurity, GRC, data privacy, information technology, compliance, or related. In lieu of a bachelor’s degree, an associate’s degree in the aforementioned fields with 7 years of related experience or a high school diploma or equivalency degree and 9 years of related experience will be considered

  • Proven leadership, facilitation, and organizational skills with at least 3 years of experience in a leadership role

  • Proven experience in risk management or compliance

  • Strong understanding of cybersecurity frameworks, standards, and best practices

  • Excellent knowledge of risk assessment strategies

  • Strong leadership skills, with the ability to manage and mentor a team

  • Excellent communication skills, with the ability to collaborate effectively with diverse teams

  • Analytical mindset with the ability to assess complex situations and make informed decisions

  • Proven ability to present at all levels of the organization

  • A strong background with an understanding of the intersection between business and cybersecurity to improve security practices

  • Ability to influence business decision-making by providing quantitative/qualitative data analytics, metrics, and analysis

  • A results-oriented mindset with the ability to solve problems and make decisions

  • Ability to work with limited direct supervision and professionally respond to constructive feedback

  • Valid driver’s license

Preferred:

  • Experience with industry standards & frameworks such as NIST, ISO, GDPR, etc.

  • Experience with creating and maintaining external and internal relationships with key stakeholders

  • Experience working with global regulatory frameworks

  • Familiarity with emerging technologies and their impact on data privacy and security

  • Experience in Energy & Utilities or services industry

  • Experience with Microsoft PowerBI

  • Experience with data visualization tools

  • Experience in risk management

  • Relevant certifications such as CISSP, CISM, CRISC, CIPP, CIPM or comparable

Applications will be accepted until March 18, 2025.

Pay range: $140,900-218,300

Please go to https://www.cenhud.com/employment. Click the “Search Career Opportunities” button. Follow the directions to submit an application and upload your resume for the desired position.

Applications sent via e-mail and US Mail will not be accepted. No phone calls or agencies, please. All replies will be held in strict confidence.

All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of race, creed, color, ethnicity, arrest or conviction record, religion, sex, sexual orientation, gender identity or expression, national origin, age, disability, citizenship, genetic information, familial status, marital status, pregnancy-related condition, domestic violence victim status, veteran or military status, or any other characteristic protected by federal, state or local laws. Central Hudson Gas & Electric Corporation takes affirmative action in support of its policy to employ and advance in employment individuals who are minorities, women, protected veterans, and individuals with disabilities.

VEVRAA FEDERAL CONTRACTOR
