Overview
recruiter -
lorena padilla
position reports to:
cressida l. Stearns
work schedule:
hybrid, going to the office in gdl for 3 days
position summary statement
the principal ii of governance risk and compliance ("grc") acts as a technical expert, focusing on providing expertise, guidance, and support on grc management topics. This role supports continuous improvement of grc management methodologies, tools and processes to ensure proactive oversight and management of the technology risk landscape.
how you would contribute
* 10+ years experience to provide technical expertise on cybersecurity, it governance and risk management tools and processes
* act as subject matter expert (sme) on cybersecurity and it governance risk management best practices
* identify it and is control weaknesses, regulatory compliance issues, and potential areas of risk across all segments of technology
* drive continuous improvement initiatives and innovative solutions to enhance the effectiveness of grc processes.
* mentor team members to understand grc management best practices, policies and procedures
* maintain current knowledge of applicable regulations and policies relevant to gdts
* lead the design, development and implementation of new grc tools, processes and best practices across tech projects and programs
* design and implement training programs to enhance the skills and knowledge of team members in grc.
* conduct regular audits to ensure compliance with internal policies and external regulations, and address any identified gaps
* develop a cooperative environment that fosters knowledge sharing and technical growth
* provide guidance for technology teams for full end-to-end implications of decisions in area of expertise
* perform analysis on the vulnerability scan reports to facilitate the reporting of metrics to management.
* create metrics reports and dashboards for leadership.
* ensure all processes and practices comply with industry standards and regulatory requirements.
* maintain clear and effective communication with stakeholders to ensure alignment and transparency in project goals and progress.
* lead the teams to deliver on time with acceptable level of deviation.
* build key metrics for grc, coordinating with technology and cyber security teams.
* regular review and maintain the grc model to ensure it remains effective and relevant
what's special about the team
governance risk and compliance is a global team collaborating with it, cybersecurity, privacy, enterprise risk among other risk teams in the company, to manage technology risks and provide proactive risk solutions. Our vision is to provide risk information to support fact-based decision making, aligned with our enterprise strategy.
qualifications
skills and background required to be sucessful:
* excellent written and verbal communication skills. Communicates effectively to both technical and executive audiences.
* strong interpersonal and influencing skills
* strong understanding vulnerability management
* strong technical knowledge of cybersecurity
* expert level knowledge in grc policies, procedures, tools and best practices
* expert level understanding of it landscape to be able identify and articulate gaps from a risk management and service continuity perspective
* deep knowledge of governance, risk and compliance requirements for the business
* knowledge of industry best practice risk management methodologies, tools, and processes
* creative problem solving and innovation
* able to work effectively and collaborate with multi-disciplinary teams
certificates / training: (must have)
* cisa
* cissp
* cism - cert inform sec manager
* ceh - cert ethical hacker
* oscp - offensive security certified professional
* osce
* ccsp
education required
* bachelor's in information technology or equivalent
preferred
* advanced technical degree
términos y condiciones de uso política de cookies política de privacidad