Sr Manager of GRC (Remote)

Who We Are/Job Description:

We are a mission-based online banking start-up, based in Dallas, TX, backed by a number of reputable investors. With over 100 employees already on board, we are currently seeking a Sr Manager of Governance, Risk, and Compliance to report to our Head of Security.

What you’ll do:

  • Reporting to the CISO, work across business lines, risk management, and compliance teams to design, deploy and implement a technology risk and governance program for a leading financial institution.
  • Own and scale our policy and control framework supporting various compliance frameworks including FFIEC, NIST, MITRE and PCI.
  • Build trust with our customers and other stakeholders by responding to customer security and compliance questionnaires and representing GRC on customer calls
  • Improve third-party risk management processes and support the head of vendor management in the development and implementation of a comprehensive third-party risk management program
  • Develop and implement robust Disaster Recovery / Business Continuity Planning (BCP) governance programs as well as a robust cadence of tests to validate the security and resiliency posture of the organization
  • Coach, educate, and engage internal employees across all teams and help drive security and privacy awareness and a culture of trust and compliance
  • Participate in audit planning activities to develop audit scopes and provide second line support for operational oversight
  • Design test plans to determine the adequacy and effectiveness of internal controls and compliance with policies and procedures and applicable regulations
  • Conduct tests of information technology application and system processes and controls
  • Demonstrate proficiency in applying information systems audit principles, skills and techniques
  • Understand the financial, operational and compliance risks which affect information systems design
  • Identify value-added recommendations and align with local and corporate management on corrective actions to address identified risks
  • Lead the control testing and reporting program strategy to ensure continuous alignment with Risk Management, Compliance, and Governance (GRC) with a primary focus on SOX & FFIEC.
  • Deliver accurate and actionable compliance guidance and direction to internal stakeholders.
  • Build strong cross-functional relationships with business partners to facilitate the development of strong compliance programs that support continuous improvement and operational efficiency.
  • Partner and collaborate with cross-functional team members within SOX Compliance, Security GRC and external auditor teams to gather evidence in support of internal and external assessments and audits.
  • Develop and implement an effective program that leverages an internal common control framework and other applicable standards, policies and regulations.
  • Closely monitor internal projects, audit results and emerging IT trends to determine relevance and impact to the technology risk posture of the institution.
  • Hands-on review of SOX and other audit workpapers.
  • Manage the vulnerability management and red/purple team function, including penetration testing, hunts for indicators of compromise, and tabletop / war game exercises
  • Define metrics for the security team that align with business goals and translate to business value

Requirements:

  • 5 years of cybersecurity and GRC experience
  • Financial services experience is a plus
  • Strong analytical, organizational, written, and verbal communication skills.
  • Positive and optimistic personality – no problem is too big.
  • Sense of ownership: take on new projects which involve research, becoming a subject matter expert, and driving them to completion.
  • Ability to work on multiple, moderate to high complex assignments simultaneously.
  • Very strong problem-solving and troubleshooting skills for issues that involve critical data needs between critical applications
  • Ability to work with multiple vendor application and development teams when implementing and troubleshooting interface initiatives
  • CISM, CISSP or equivalent industry certification