Manager, Cybersecurity Governance and Compliance
New York City - PARK
Over the last 20 years, Ares’ success has been driven by our people and our culture. Today, our team is guided by our core values – Collaborative, Responsible, Entrepreneurial, Self-Aware, Trustworthy – and our purpose to be a catalyst for shared prosperity and a better future. Through our recruitment, career development and employee-focused programming, we are committed to fostering a welcoming and inclusive work environment where high-performance talent of diverse backgrounds, experiences, and perspectives can build careers within this exciting and growing industry.
We are seeking a highly motivated Cybersecurity Governance, Risk and Compliance (GRC) professional who will be responsible for monitoring and supporting our global IT and Security related GRC efforts. Responsibilities of a successful candidate would also include ensuring the organization’s adherence to Cybersecurity policies, standards, and procedures, developing sector-specific security training programs, managing cybersecurity risk, and maintaining compliance with relevant regulations and security frameworks. This candidate must have excellent technical writing skills, strategic process development capabilities, and a deep understanding of various industry standard cybersecurity frameworks. A successful candidate will be expected to participate in cross-functional support of programs run and operated by our Compliance, Enterprise Risk Management, Internal Audit, and Legal teams. This candidate should also have excellent verbal communication skills with the ability to present GRC information to internal and external parties.
The candidate will be part of a talented team of Cybersecurity Professionals who demonstrate excellent technical competencies. This is an opportunity to support mission-critical Cybersecurity Governance efforts by ensuring we are proactively identifying gaps in security and proposing security controls to address them. If you are a candidate looking to be a part of a dynamic team that continuously challenges itself, is committed to learning and improving, and is passionate about cybersecurity, then this could be the right opportunity for you!
Primary Functions & Responsibilities
Write policies, standards, procedures, guidelines, and other technical security documents.
Design technical and administrative enforcement mechanisms for defined security rules.
Develop and deliver sector-specific annual cybersecurity awareness training and manage the overall cybersecurity training program, including phishing campaigns and other components of training.
Contribute to data governance working group initiatives around data security and data privacy.
Select, design, develop and implement security controls within our internal control catalog.
Facilitate security control testing and integrate controls into existing processes.
Maintain inventory of succinct and accurate security program descriptions for answering RFPs/RFIs/DDQs/etc.
Coordinate comprehensive risk assessment within the risk management program and develop/propose risk mitigation strategies.
Conduct security TPRM for Vendors at onboarding, contract review, RFP/RFI, and annual re-assessments while managing the continuous monitoring strategy.
Maintain GRC Metrics, risk tolerances/triggers.
Develop automated reports and use data visualization tools to visualize GRC KPIs.
Interpret audit request lists and perform evidence collection activities in support of various audits.
Minimize user disruption due to burdensome security controls or duplicative evidence collection.
Bachelor’s degree in Cybersecurity, Engineering, Information Security, Information Technology, Computer Science or other related disciplines.
5+ years of Governance, Information Technology, Security, or Risk Management experience in the finance or technology sector.
Fundamental understanding of and familiarity with global cybersecurity regulatory requirements and security frameworks (e.g., National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), International Organization for Standardization (ISO) 27001, American Institute of Certified Public Accountants (AICPA) Trust Services Criteria, General Data Protection Regulation (GDPR)).
Strong technical writing skills for policy, standard, and procedure writing/editing.
Strong strategic process development skills with a tendency toward automation.
Proven experience conducting cybersecurity risk assessments and compliance audits.
Familiarity with security controls implementation, monitoring, and improvement.
Excellent communication skills to collaborate with cross-functional teams and stakeholders.
Experience using data visualization tools to develop reports.
Ability to build automated workflows using tracking software such as JIRA.
The anticipated base salary range for this position is listed below. Total compensation may also include a discretionary performance-based bonus. Note, the range takes into account a broad spectrum of qualifications, including, but not limited to, years of relevant work experience, education, and other relevant qualifications specific to the role.
$160,000 - $190,000
The firm also offers robust Benefits offerings. Ares U.S. Core Benefits include Comprehensive Medical/Rx, Dental and Vision plans; 401(k) program with company match; Flexible Savings Accounts (FSA); Healthcare Savings Accounts (HSA) with company contribution; Basic and Voluntary Life Insurance; Long-Term Disability (LTD) and Short-Term Disability (STD) insurance; Employee Assistance Program (EAP), and Commuter Benefits plan for parking and transit.
Ares offers a number of additional benefits including access to a world-class medical advisory team, a mental health app that includes coaching, therapy and psychiatry, a mindfulness and wellbeing app, financial wellness benefit that includes access to a financial advisor, new parent leave, reproductive and adoption assistance, emergency backup care, matching gift program, education sponsorship program, and much more.