Steneral Consulting

IT Risk & Compliance Consultant

Steneral Consulting United States

Position: IT Risk & Compliance Consultant

Duration: 6 months

Location: Ashburn, VA (remote)

Process: 2 interviews via Teams, background check, procurement to ship out a computer, start (3-week process end to end).

The Risk and Compliance Consultant will play a critical and strategic role in developing, maintaining, enhancing, and executing the GRC program, including identifying, assessing, and mitigating potential cyber security risks, establishing control frameworks and a control library, and ensuring compliance with regulatory requirements, policies, and standards.

Responsibilities

  • Develop, enhance, and operationalize enterprise-level risk and compliance policies, processes, and controls to mitigate risk and comply with applicable laws and regulations.
  • Perform activities to monitor and assess governance, risk, and compliance controls on an ongoing basis.
  • Work closely with the operational departments (Legal, Enterprise Risk Management, DEI, DRI, Internal Audit, and IT) to develop and monitor cybersecurity policies/standards to achieve compliance with applicable requirements.
  • Collaborate with key stakeholders to review projects, business critical systems and related data to ensure compliance with regulatory laws, and if necessary, perform and advise on risk impact assessments.
  • Coordinate, conduct and act as primary contact for all internal and external audits (cyber security & compliance).
  • Lead the development and ongoing management of a risk program across the company.
  • Identify, track, monitor, and report on SOX IT General Controls and other compliance requirements.
  • Provide recommendations to stakeholders when appropriate.
  • Design and implement a robust cyber risk governance framework, processes and stakeholder engagement strategy tailored to our organization's specific needs and requirements.
  • Operationalize cyber risk governance to ensure seamless integration into daily operations and decision-making processes.
  • Influence stakeholder adoption of cyber risk management standard guidelines for ownership identification and assignment of accountability for top cyber risks and mitigating activities.
  • Establish reporting and updating procedures with accountability owners and ensure they are followed.
  • Develop and implement performance metrics to measure the effectiveness of cyber risk governance activities.
  • Collaborate with cross-functional teams to embed a culture of cyber risk awareness and accountability throughout the organization.
  • Provide training and support to stakeholders on utilizing cyber risk governance tools and interpreting data insights effectively.
  • Educate employees on risk management principles, processes, and their responsibilities; foster a cyber risk-aware culture within the organization by promoting awareness and understanding of cyber risk management across all levels.
  • Drive continuous improvement initiatives to enhance the efficiency and effectiveness of cyber risk governance processes.
  • Conduct comprehensive cyber risk assessments of information systems, applications, 3rd parties and processes to identify potential vulnerabilities, threats, and impacts.
  • Analyze and prioritize cyber risks based on their potential impact on the organization’s operations, data, and reputation.
  • Develop and implement cybersecurity training programs to educate employees on their obligations and promote a culture of compliance.
  • Keep abreast of industry trends, regulatory developments, and emerging technologies to innovate and evolve our cyber risk governance capabilities.
  • Oversee creation of mitigation plans and processes, incorporating risk registers and controls on risks, and helping accountability owners understand the plans to reduce risk.
  • Collaborate with cross-functional governance teams/risk management owners to ensure mitigation implementation strategies are appropriately established and accountability holders are held responsible.
  • Coordinate with the leadership of the different accountability owners to ensure teams are tracking and trending properly.
  • Ensure risk areas receive the appropriate amount of attention and oversee the process on any necessary follow-ups.
  • Set best practices for identifying risk policy or procedure, risk ownership, or contractual language issues from relevant stakeholders for a portfolio of projects and/or risks.

Requirements

  • Bachelor’s degree in IT/Technology, Accounting, or a business-related legal field.
  • 8 years of experience in Risk Management, Privacy, Cyber Security, Compliance, and/or Internal Audit.
  • Experience initiating and/or managing programs or projects in rapidly changing or ambiguous environments that led to substantial improvements in risk.
  • The ability to balance business interests with the need for compliance standards.
  • Expertise in compliance standards, e.g., SOX, ISO 27001, SOC1/2, SSAE 16, NIST CSF and PCI DSS.
  • Strong understanding and experience in enabling GRC solutions and common control framework for data regulations.
  • Excellent process improvement skills.
  • Ability to work independently in a fast-paced environment and handle multiple complex & confidential tasks.
  • Excellent communication, interpersonal skills and attention to details & deadlines.
  • Experience with GRC tools such as ServiceNow, OneTrust, AuditBoard, etc.
  • Experience in cyber security and governance with increasing responsibilities.
  • Strong background in cyber security controls, auditing, network and system security.
  • Ability to express complex technical concepts in business terms.
  • Organized and detail-oriented, able to work well under deadlines in a changing environment and complete multiple projects effectively and concurrently.
  • Evaluate effectiveness of the internal cyber security control framework and recommend adjustments as business needs change.
  • Regularly interact with all levels of management to present and discuss control effectiveness.
  • Review and coordinate changes to cyber security policies, procedures, and standards.

Details

  • Seniority level: Mid-Senior level
  • Employment type: Full-time
  • Job function: Information Technology
  • Industries: IT Services and IT Consulting
