Governance, Risk, and Compliance Manager
Baltimore, MD (Potential for Remote U.S.)
Applications have closed
Contrast Security
Contrast Security application security software unifies security and development with one DevSecOps platform and increases accuracy and productivity.Contrast Security is the world’s leading provider of security technology that enables software applications to protect themselves against cyberattacks, heralding the new era of self-protecting software. Contrast's patented deep security instrumentation is the breakthrough technology that enables highly accurate assessment and always-on protection of an entire application portfolio, without disruptive scanning or expensive security experts. Only Contrast has sensors that work actively inside applications to uncover vulnerabilities, prevent data breaches, and secure the entire enterprise from development to operations, to production.
About The Position
Reporting to the VP, Operational Risk and Data Privacy Officer, the GRC Manager will manage the security governance, risk, and compliance program, inclusive of Privacy, for the organization. Emphasis will be on managing and coordinating an internal governance program, recommending programmatic and technical directions for GRC functional areas, developing and executing compliance strategy for completing and maintaining industry standard security certifications, identifying areas of improvement and managing technical remediation campaigns, and reporting on program performance and metrics. The individual will work with various functions throughout the enterprise to implement and monitor the internal control environment and help maintain the best-in-class security posture of the company. This position is global, and a high-level understanding of various global security, privacy, and compliance requirements is required.
Responsibilities
- Align with our partners in Information and Cyber Security to ensure a deep knowledge of our product offerings and security environment
- Identify technologies to support policy objectives, and risk assessments (e.g. third-party risk, privacy, data protection)
- Recommend enhancements/ improvements to existing policies
- Research both regulatory filing information and drafting communication guidelines to ensure awareness across the enterprise of requirements
- Assist with risk assessments and audits with limited supervision from management
- Capture and analyze information to identify key risks and corresponding controls
- Systematically test and evaluate controls to verify efficiency and effectiveness of operation, reliability of information, and compliance with applicable laws and regulations
- Conduct internal reviews to measure compliance with GDPR, CCPA, ISO, NIST and other regulations and frameworks
- Support the Vendor Governance program relative to User Access Reviews, SOC reviews, Vendor assessments, etc
- Effectively communicate findings and recommendations to management in detailed and organized format/process via presentations to internal stakeholders and leadership
- Prioritize and implement corrective actions
- Conduct/ draft training and awareness materials (Annual Training, New Hire Training, One-off training)
- Partner with the office of the CISO, Legal, departmental managers, and IT, to support annual external industry standard security and privacy audits
- Support the company’s internal audit program
- Consult on company projects to ensure that privacy and compliance risks are being addressed
Qualifications
- Preferred 5 years of experience in Risk Management, Compliance, Privacy, Information Security, Compliance management, data protection controls or auditing experience with GRC tools or automation for information gathering and reporting
- Understanding of systems development life cycle methodologies
- Experience with supporting or leading the assessment and implementation of security controls in alignment with industry compliance and security standards and frameworks including one or more of: SOC 2 Type II, NIST, HITRUST, PCI DSS, ISO 27001, FedRAMP, etc
- Sound and practical knowledge of NIST 800-53 framework and controls across all security domains such as access management, configuration management, system development, software integrity, encryption methods, vulnerability management, network security, etc
- Solid knowledge and practical application of data security and privacy standards including SOC2, ISO27001, GDPR, CCPA, HITRUST, etc
- Experience with compliance program tooling including Enterprise GRC management platforms, vulnerability management platforms, issue tracking solutions, code repositories, cloud provider compliance services, governance automation
- Ability to provide technical guidance and leadership to professional personnel on matters concerning security governance
- Strong communication skills, ability to communicate complex information in a straightforward, pragmatic way to a variety of audiences, both verbally and in writing
- Solid interpersonal skills and the ability to effectively communicate with a wide range of individuals and constituencies in a diverse community
- Strong analytical skills, enabling sound evaluation of security and privacy requirements and translating them to right-sized security and privacy controls
- Understanding of right-sizing “to scale and maturity level” of organization
We are focused on building a diverse and inclusive workforce. If you’re excited about this role, but do not meet 100% of the qualifications listed above, we encourage you to apply.
What We Offer
- Competitive compensation
- Medical, dental, vision benefits
- 401(k)
- Flexible paid time off
We are changing the world of software security. Do it with us. We believe in what we do and are passionate about helping our customers secure their business.If you’re looking for a challenge and want to enjoy where you work, you’ll love Contrast Security.
Contrast Security is committed to a diverse and inclusive workplace. Contrast Security is an equal opportunity employer and our team is comprised of individuals from many diverse backgrounds, lifestyles, and locations.
By submitting your application, you are providing Personal Information about yourself (cover letter, resume, email address, etc.) and hereby give your consent for Contrast Security, Inc. and/or our HR-related Service Providers, to use this information for the purpose of processing, evaluating and responding to your application for current and future career opportunities. If you are a resident of the European Economic Area or are applying for a position in the European Economic Area, Contrast’s Privacy Statement reflects our policies around compliance with the General Data Protection Regulation (“GDPR”) and your rights respective to GDPR as a California resident, you are entitled to certain rights under CCPA: The California Consumer Privacy Act of 2018 (“CCPA”) will go into effect on January 1, 2020. Under CCPA, businesses must be overtly transparent about the personal information they collect, use, and store on California residents. CCPA also gives employees, applicants, independent contractors, emergency contacts and dependents (“CA Employee”) new rights to privacy.
Recruitment Agencies: Although we value the services you provide, at this time we are not accepting resumes from agencies, headhunters, or other suppliers who have not signed a formal agreement with us.
Tags: Audits Automation CCPA Cloud Compliance Encryption FedRAMP GDPR Governance HITRUST ISO 27001 Network security NIST PCI DSS Privacy Risk assessment Risk management SDLC SOC SOC 2 Strategy Vulnerabilities Vulnerability management
Perks/benefits: Career development Competitive pay Flex vacation Health care
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Senior Cyber Security Engineer jobs
- Open Principal Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Staff Security Engineer jobs
- Open Product Security Engineer jobs
- Open Manager Pentest H/F jobs
- Open Senior Information Security Analyst jobs
- Open Cyber Security Specialist jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Cybersecurity Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Chief Information Security Officer jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Security Specialist jobs
- Open Senior Penetration Tester jobs
- Open Security Researcher jobs
- Open Cybersecurity Specialist jobs
- Open Senior Security Architect jobs
- Open Sr. Security Engineer jobs
- Open IT Security Engineer jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open ISO 27001-related jobs
- Open Pentesting-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Security assessment-related jobs
- Open Malware-related jobs
- Open DevOps-related jobs
- Open Security Clearance-related jobs
- Open IDS-related jobs
- Open EDR-related jobs
- Open Forensics-related jobs
- Open CEH-related jobs
- Open Kubernetes-related jobs