Cyber Governance, Risk, & Compliance (GRC) Associate

Boston, United States

HarbourVest Partners

HarbourVest is a private markets firm with 40 years of noteworthy insight, interwoven skills across asset classes, and relationships that build futures.

Job Description Summary

For over forty years, HarbourVest has been home to a committed team of professionals with an entrepreneurial spirit and a desire to deliver impactful solutions to our clients and investing partners. As our global firm grows, we continue to add individuals who seek a collaborative, open-door culture that values diversity and innovative thinking.

In our collegial environment that’s marked by low turnover and high energy, you’ll be inspired to grow and thrive. Here, you will be encouraged to build on your strengths and acquire new skills and experiences.

We are committed to fostering an environment of inclusion that promotes mutual respect among all employees. Understanding and valuing these differences optimizes the potential of both the individual and the firm.

HarbourVest is an equal opportunity employer.

This position will be a hybrid work arrangement, which translates to 2-3 days minimum per week in the office.

The Cyber GRC Associate at HarbourVest Partners will be responsible for ensuring regulatory compliance as it relates to cyber security, managing risks, and maintaining robust governance policies. The role reports to the Chief Information Security Officer and includes, but is not limited to, conducting global IT risk assessments, compliance audits, and establishing governance frameworks to safeguard systems and sensitive information. Additionally, this role will assist in developing risk management strategies and participate in due diligence processes.

The ideal candidate is someone who is:

  • Passionate about results, goal driven, outspoken, accountable, and collaborative
  • Able to drive business decisions using data and comfortable reporting on metrics
  • Familiar working at a company with a global presence spanning multiple time zones
  • Demonstrates a strong commitment to ethical practices and maintaining the highest standards of honesty and transparency
  • Self-starter with demonstrable ability to work independently, think on their feet and prioritize tasks and time effectively
  • Takes the initiative to identify and address potential issues before they become significant problems
  • Is an exceptional communicator, both in writing and verbally

What you will do:

  • Drive and own the development and maintenance of cybersecurity policies, standards, and procedures to ensure compliance with industry regulations and best practices.
  • Lead regular cyber risk assessments and audits to identify potential threats and vulnerabilities, as well as help develop mitigation strategies.
  • Assist the CISO in preparing quarterly board reports
  • Partner with the Deputy CISO and Security Operations team to ensure policies and procedures remain relevant and effective as regulatory/threat landscapes evolve
  • Act as key point person to liaise with global partners in Legal, Compliance, Vendor Management and Enterprise Risk teams to support the integration of cybersecurity initiatives across the organization.
  • Monitor and report on the effectiveness of the cybersecurity program, including key performance indicators and metrics.
  • Stay informed about the latest cybersecurity trends, threats, and regulatory requirements, and provide support in implementing relevant updates.
  • Assist in managing relationships with external cyber auditors, and the Internal Compliance team to ensure adherence to laws and regulations across the globe.

What you bring:

  • Demonstrable experience in the financial services industry, with an understanding of specific security challenges and regulatory requirements.
  • The ability to support the development and implementation of robust cybersecurity policies and procedures that align with industry best practices and regulatory requirements.
  • Strong communication skills to effectively convey cybersecurity concepts to both technical and non-technical stakeholders.
  • A proactive approach to staying current with the latest cybersecurity trends and threats, ensuring the organization remains well-protected.
  • The ability to build and maintain strong relationships with internal business partners of all levels.

Education Preferred

  • BS in Computer Science, Information Security, or equivalent work experience
  • Certified Governance Risk & Compliance (CGRC) status required within 1 year of employment

Experience

  • 1-2 years of relevant work experience

Category: Compliance Jobs

Tags: Audits CGRC CISO Compliance Computer Science Governance Risk assessment Risk management Vendor management Vulnerabilities

Perks/benefits: Career development Transparency

Region: North America
Country: United States
