Principal I, Cybersecurity, GRC

Overview

THE ROLE:

The Principal I of Governance Risk and Compliance (“GRC”) acts as a technical expert, focusing on providing expertise, guidance, and support on GRC management topics. This role supports continuous improvement of GRC management methodologies, tools and processes to ensure proactive oversight and management of the Technology risk landscape.

HOW YOU WOULD CONTRIBUTE: •    8+ years experience to provide technical expertise on IT governance risk management and compliance tools and processes •    Act as Subject Matter Expert (SME) on IT governance risk management and compliance best practices•    Identify control weaknesses, regulatory compliance issues, and potential areas of risk across all segments of Technology and Security •    Mentor team members to understand GRC management best practices, policies and procedures•    Maintain current knowledge of applicable regulations and policies relevant to GDTS •    Lead the design, development and implementation of new GRC tools, processes and best practices across Tech projects and programs •    Experience with Identity & Access Management and user account lifecycle and access certifications •    Conduct technology and security assessments to ensure that data is protected from unauthorized access, unintentional or malicious alterations, and disruptions that could lead to downtime.  •    Deliver reliable solutions on-time, with minimal supervision, and effective reporting to executive management•    Develop a cooperative environment that fosters knowledge sharing and technical growth•    Provide guidance for technology teams for full end-to-end implications of decisions in area of expertise•    Perform analysis on the vulnerability scan reports to facilitate the reporting of metrics to management.•    Create metrics reports and dashboards for leadership.

WHAT’S SPECIAL ABOUT THE TEAM:

Governance Risk and Compliance is a global team collaborating with IT, Cybersecurity, Privacy, Enterprise Risk among other risk teams in the company, to manage technology risks and provide proactive risk solutions.  Our vision is to provide risk information to support fact-based decision making, aligned with our enterprise strategy.

Job Qualifications

SKILLS AND BACKGROUND REQUIRED TO BE SUCCESSFUL: •    Excellent written and verbal communication skills. Communicates effectively to both technical and executive audiences.•    Strong interpersonal and influencing skills•    Strong understanding Vulnerability Management•    Expert level knowledge in GRC policies, procedures, tools and best practices

•    Power BI Proficiency•    Expert level understanding of IT landscape to be able identify and articulate gaps from a risk management and service continuity perspective•    Deep knowledge of governance, risk and compliance requirements for the business•    Knowledge of industry best practice risk management methodologies, tools, and processes•    Creative problem solving and innovation•    Able to work effectively and collaborate with multi-disciplinary teams

Certificates / Training:

•    CRISC•    CISA•    CISSP•    CISRCP•    CC(GRC)P

Education

Required•    Bachelor's in Information Technology or equivalent

Preferred•    Advanced Technical Degree