
    Head of Information Security Governance - New York, United States - Atlantic Partners

    Description
    Summary:

    Reporting directly to the Chief Information Security Officer, the Head of Security Governance, Risk, and Compliance (GRC) plays an instrumental role in guiding the company's GRC strategies and processes. As the primary GRC authority, this leader ensures the alignment of the company's risk management framework with its business objectives and regulatory requirements. A vital addition to the team, the Head of Security GRC significantly contributes to the company's overall strategy and goals by establishing robust compliance mechanisms and effective risk mitigation measures.

    The successful candidate will possess a balanced combination of profound technical expertise and an established background in GRC. This role demands comprehensive and extensive knowledge, particularly in the areas of corporate governance, risk management, regulatory compliance, and the creation of enterprise-wide GRC policies. The Head of Security GRC should be equipped to identify and address potential vulnerabilities, while proactively enhancing the company's overall GRC posture.

    Responsibilities
    • Strategy Development: Define, develop, and oversee the implementation of the GRC strategy aligned with the company's business goals and legal requirements.
    • Policy & Procedure Management: Develop, maintain, and oversee GRC policies and procedures to ensure they are in accordance with applicable laws, regulations, and industry standards, including but not limited to those governed by SEC, Client, OCC, NFA, FCA, MAS, and other global financial regulators.
    • Risk Management: Identify, assess, and monitor enterprise risks, including strategic, operational, financial, privacy, and cybersecurity risks. Implement risk mitigation strategies and mechanisms to address identified risks and potential non-compliance.
    • Data Privacy: Ensure compliance with global data privacy and protection regulations, including GDPR in Europe and CCPA in California, through the creation and maintenance of robust data handling and privacy policies.
    • Regulatory Compliance: Maintain a current understanding of relevant laws and regulations to ensure the organization achieves and sustains compliance. Proactively monitor and respond to regulatory changes and updates.
    • Client Engagement: Primary point of contact responding to Client Due Diligence and RFPs.
    • GRC Reporting: Create comprehensive GRC reports for the executive leadership and board of directors that provide clear insights into the company's risk profile, compliance status, and governance effectiveness.
    • Training & Awareness: Oversee the creation and implementation of a GRC awareness and training program to ensure that employees are aware of the role they play in maintaining good governance and compliance.
    • Third-party Management: Manage and monitor the GRC aspects of third-party relationships to ensure that vendors and partners are adhering to the company's GRC policies and relevant regulations.
    • Audit Management: Coordinate with internal and external auditors to facilitate audits, with the goal of assuring compliance and addressing potential issues proactively.
    • Incident Response: Develop and implement an incident response plan to handle GRC-related incidents effectively, including data breaches or non-compliance events. Coordinate annual incident response table-top exercises.
    • Continuous Improvement: Regularly review and refine the company's GRC practices, leveraging technology and industry best practices to drive efficiency and effectiveness.
    Qualifications
    • Bachelor of Science degree in Information Security or related field, or equivalent years of experience
    • CISSP, CISA, Security+, CED, CIH+ or related certification in security operations and engineering
    • Ten or more years of experience in Information Security, working with GRC tools and methodology
    • In-depth Knowledge of Relevant Laws and Regulations: This includes an understanding of data protection laws such as GDPR and CCPA, as well as other regulatory frameworks relevant to the specific industry and location of the business.
    • Risk Management Skills: Ability to identify, analyze, and effectively mitigate or manage enterprise risks. Familiarity with risk management frameworks and methodologies is essential.
    • Strategic Thinking and Leadership: Strong ability to lead and manage the GRC function, develop and execute strategic plans, and guide the organization towards its GRC objectives.
    • Communication and Presentation Skills: Excellent written and verbal communication skills, with the ability to present complex GRC issues and strategies clearly to various stakeholders, including the executive team and board of directors.
    • Analytical Skills: Strong ability to analyze complex data, interpret compliance requirements, and develop effective solutions.
    • Project Management Skills: Proficiency in planning, executing, and monitoring multiple projects simultaneously to ensure they are completed on time and within budget.
    • Negotiation and Influencing Skills: Ability to negotiate with, influence, and secure buy-in from various stakeholders, both internal and external, to achieve GRC objectives.
    • IT Proficiency: Familiarity with the use of GRC technology solutions, as well as a broad understanding of information security principles and best practices.
    • Continuous Learning: A commitment to keeping up to date with the latest developments in the GRC field, including evolving laws and regulations, emerging risks, and best practices in GRC management.


  • PRI Technology New York, United States

    Head of Information Security Governance · Reporting directly to the Chief Information Security Officer, the Head of Security Governance, Risk, and Compliance (GRC) plays an instrumental role in guiding the company's GRC strategies and processes. As the primary GRC authority, this ...


  • UBS Weehawken, United States

    United States - New Jersey · - Information Technology (IT) · - Group Functions · **Job Reference #** · BR · **City** · - Weehawken · **Job Type** · - Full Time · **Your role** · - Do you have a strong technical cyber security background? Do you have proven experience in cyber ris ...


  • MetTel Holmdel, United States Part time

    MetTel Communications is seeking an experienced Personnel Security Specialist to process employees for HSPD12 Public Trust/Suitability and with the knowledge and experience to process contractor and sub-contractor employees for USPS Sensitive Clearances. · MetTel is a leading gl ...


  • Omega Ventures Empire, United States

    About the Company · We are a leading, Europe-wide software and consulting company based in Offenbach am Main. We advise companies and integrate IT solutions from exclusive partners as well as our independently developed software products (daccord and inchorus). Our mission is to ...


  • UnitedHealth Group New York, United States

    Build and maintain data pipelines and stores in an Azure Databricks environment, manage security and data governance, lead offshore developers, and partner with business to ingest data from old sources into new platform. ...


  • Considine Search New York, United States

    Summary · The New York office of an elite Global Law Firm is looking to hire an experienced Information Governance Analyst to join the Electronic Information Governance Department. The Information Governance Analyst provides day to day services in support of Firm and client needs ...

  • FLB Next Recruit Group

    Litigation Associate

    3 weeks ago


    FLB Next Recruit Group New York, United States

    FLB Next Recruit Group is assisting a client of ours, a prestigious law firm, in seeking a mid-level Litigation Associate with 5-7+ years of experience at a major law firm. Our client's ideal candidate will have experience in general commercial litigation, and/or securities litigati ...


  • Platinum Legal Search Group, LLC New York, United States

    Top law firm seeks White Collar Partner / Group with portable business for Securities Enforcement/White Collar Litigation team. Partner should possess extensive expertise in securities enforcement and white collar defense, regulatory investigations, and compliance matters. The id ...


  • Pelham Berkeley Search New York, United States Direct Hire

    High Profile Bank in Manhattan seeks a Senior Information Security Analyst (Officer level - AVP). · Tremendous full-time direct hire career opportunity with International Organization that offers a great work environment, interesting projects and competitive compensation K+ bonu ...


  • Platinum Legal Search Group, LLC New York, United States

    Top Law firm is actively seeking experienced Corporate partners and groups (portable business preferred) to join its thriving M&A, private equity, capital markets and securities practices. If you are a seasoned partner with a robust background in M&A, corporate securities, and ...


  • Atlantic Group New York, United States

    Our client, a leading global private equity firm with over $80B AUM, is seeking a full-time Security Architect to build out their security roadmap and provide technical expertise in the design, implementation, and maintenance of the firm's information security program. This i ...

  • WebMD Health Corp

    vp, data security

    3 weeks ago


    WebMD Health Corp Newark, United States

    Description · Position at WebMD WebMD is the most recognized and trusted brand of health information and the leading provider of health information services, serving consumers, physicians, healthcare professionals, employers and health plans through our public and private onlin ...


  • Conexess Group, LLC New York, United States

    Cloud Security Operations Lead (AWS) · Mandatory Skills: AWS Security, Identity & Compliance: Advanced · Cloud Security: Advanced · Basic Qualifications: · . + years of experience in cloud security operations, specifically AWS. · . Proven track record of leading team prioritiz ...


  • Ankura New York, United States Full time

    Ankura is a team of excellence founded on innovation and growth. · Job Description: · Ankura is a specialized global expert services firm defined by HOW we solve challenges. Whether a client is facing an immediate business challenge, trying to increase the value of their company ...


  • QUANTEAM - North America (RAINBOW PARTNERS Group) New York, United States

    Quanteam is an independent Financial Markets consulting company based in France, the UK, the USA, Canada, and Morocco. Our team of 1.000 employees supports Corporate and Investment Banks, Asset Management Companies, Insurance, and Corporate for their projects in financial enginee ...

  • iO Associates - US

    Data Governance Lead

    2 weeks ago


    iO Associates - US New York, United States

    Data Governance Lead · ONSITE (NYC)/FTE · 150k Base range · Our client is undergoing a digital transformation and is looking for someone to set new foundations in their Data Governance practice. This full-time NYC based role is a great opportunity to be in the forefront of set ...

  • The Goodkind Group, LLC

    Compliance Analyst

    2 weeks ago


    The Goodkind Group, LLC New York, United States

    Reporting directly to the SVP, Deputy Chief Compliance Officer, the Compliance Analyst will assist with the design and daily responsibilities of the compliance program for Capital Partners, managing a range of legal, regulatory and compliance risks associated with third-party cap ...


  • MongoDB New York, United States

    Responsibilities · As a Senior Tools Software Engineer, you bring expertise in hands-on MERN stack software development with a focus on software security. You will primarily contribute to our MERN stack codebase in the capacity of feature development and enhancement, bug fixes, a ...


  • Fawkes IDM New York, United States Full time

    Responsibilities · Reviewing and negotiating fund documentation, including limited partnership agreements, subscription agreements, and side letters. · Advising clients on a range of securities transactions, including public offerings, private placements, and Regulation D offerin ...


  • Qualys New York, United States Full time

    Description · Typical Duties: Support complex deals in the pre-sales stage alongside Qualys sellers and take ownership for driving the technical engagements and securing the technical win · Understand and document customers' compliance and security requirements and come up with ...