Manager IT Governance Risk Management - Lombard, United States - Viskase Companies Inc.

Viskase Companies Inc.
Viskase Companies Inc.
Verified Company
Lombard, United States

3 weeks ago

Mark Lane

Posted by:

Mark Lane

beBee recruiter
Description

About the Role


The
Manager of IT GRC will be responsible for overseeing cyber security, data governance, and IT controls audit topics, among other areas.

This role will play a critical role in ensuring the effective governance, management, and compliance of our information technology systems and processes.


Key Responsibilities

Develop and Implement IT Governance Frameworks: Design, implement, and maintain IT governance frameworks, policies, and procedures to ensure the effective management and oversight of IT resources and activities.


Risk Assessment and Management:
Conduct comprehensive risk assessments of IT systems, infrastructure, and processes. Develop and implement risk mitigation strategies and controls to minimize IT-related risks and vulnerabilities.


Compliance Management:

Ensure compliance with relevant regulatory requirements, industry standards, and best practices, including but not limited to Sarbanes-Oxley (SOX), GDPR, ISO 27001, and NIST Cybersecurity Framework.


  • Conduct compliance assessments by understanding business objectives, structure, policies and procedures, internal controls, and external regulations.
  • Assess the effectiveness of internal controls over key IT risk.
  • Improve control assurance by developing tests, compliance reports and security metrics.
  • Manage responses to and followup with internal and external audits.
  • Identify and recommend business process changes to strengthen internal controls.
  • Complete IT control selfassessments and related findings.

Policy Development and Enforcement:
Develop and enforce IT policies and procedures to promote compliance, security, and best practices across the organization. Monitor compliance with policies and initiate corrective actions as necessary.


Audit and Assurance:
Coordinate and support internal and external audits of IT systems and controls. Collaborate with audit teams to address findings and implement remediation plans.


Cyber Security:

Oversee the development and implementation of cyber security strategies and controls to protect the confidentiality, integrity, and availability of critical business assets.

Monitor and respond to security incidents and breaches.

  • Provide comprehensive cyber security expertise and riskmitigation strategies bridging technical and nontechnical domains.
  • Perform risk assessment using various industry standard frameworks.
  • Collaborate with control owners to implement process changes and track to completion.
  • Advise and collaborate on projects by providing IT controls expertise and considerations.
  • Support and improve key process controls, including identity and access management, threat and vulnerability management, incident management and response and thirdparty risk management.
  • Create and maintain the enterprise's security documents (policies, standards, baselines, guidelines and procedures) with IT management.
  • Facilitate information security risk analysis and risk management processes with business units and to identify acceptable levels of residual risk.
  • Development and delivery of IT risk and security awareness and compliance training programs.
  • Support and improve key process controls, including identity and access management, threat and vulnerability management, incident management and response and thirdparty risk management.
  • Create and maintain the enterprise's security documents (policies, standards, baselines, guidelines and procedures) with IT management.
  • Facilitate information security risk analysis and risk management processes with business units and to identify acceptable levels of residual risk.
  • Development and delivery of IT risk and security awareness and compliance training programs.

Data Governance:
Establish and maintain data governance frameworks and practices to ensure the quality, integrity, and security of organizational data. Develop and enforce data management policies and procedures.


IT Controls Audit:
Lead IT controls audit activities, including planning, execution, and reporting. Evaluate the effectiveness of IT controls and recommend improvements as needed.


Vendor and Third-Party Risk Management:
Assess and manage risks associated with third-party vendors and service providers. Establish and maintain effective vendor risk management processes and controls.


Incident Response and Continuity Planning:
Develop and maintain incident response plans and business continuity/disaster recovery strategies for IT systems and infrastructure. Coordinate response efforts during security incidents and other emergencies.


Training and Awareness:
Develop and deliver training programs to enhance IT governance, risk management, and compliance awareness across the organization. Provide guidance and support to IT and business stakeholders on GRC-related matters.


Required Education and Experience

  • Bachelor's degree in Information Technology, Computer Science, Business Administration, or rel
More jobs from Viskase Companies Inc.
See all jobs of Viskase Companies Inc.