My client, a global (re)insurance firm, is looking for a Cybersecurity GRC (Governance, Risk & Compliance) Consultant to join its Enterprise Information Security (EISO) team to:
- Analyze and document the Group's risk and compliance policies in relation to internal and external regulatory requirements.
- Assist with Third-Party Risk Management (TPRM), Cyber Risk Management and Cyber Compliance services.
Key responsibilities include, but are not limited to:
- Project Management for vendor-led risk assessments
- Manage Risk Issues in the enterprise Integrated Risk Platform (IRP)
- Support the reverse due diligence TPRM process with external audits, examinations, and survey requests
- Maintain the Enterprise Control Model (ECM) within the Integrated Risk Platform (IRP)
- Apply control language updates as needed
- Manage annual control owner confirmation processes
- Maintain control owners and control performers data
- Ensure authoritative sources are up to date including quarterly reviews
- Align new authoritative sources to the Enterprise Control Model
- Maintain risk library records
- Manage the Risk Activity Mapping (RAM) process to ensure that all RAM records in IRP are up to date
  - This includes mapping risk activities to business processes and controls
- Manage quarterly reporting of KRIs and KPIs in Tableau and PowerPoint
- Support annual KRI and KPI development process
- Support the routine revision and monitoring of information security risk appetite
- Support routine and ad-hoc information security risk assessments
- Conduct routine reporting and analysis of risk issues, remediation plans, and risk acceptances
Successful Cybersecurity GRC (Governance, Risk & Compliance) Consultants will:
- Possess 5+ years of experience in Information Security risk management, leading/managing assessments, security audits, and/or managing compliance requirements across an enterprise
- Have 5+ years of experience with regulatory compliance and frameworks such as NIST 800-53, NIST CSF, PCI-DSS 3.2 or higher, HIPAA, NYDFS 23 NYCRR 500, ISO 27001/2, and/or NAIC Data Security Law
This role requires thorough knowledge of information security risk management.
If you are interested or available, please apply now!