
Cybersecurity GRC (Governance Risk & Compliance) Consultant

  • Location: California
  • Sector: Risk & Compliance
  • Job type: Temporary
  • Salary: US$40 - US$75 per hour
  • Contact: Gabriel Moore
  • Contact email: Gabriel.Moore@oliverjames.com
  • Job ref: JOB-092022-181639_1667251424
  • Published: 28 days ago
  • Duration: 12 months
  • Expiry date: 2022-11-30
  • Start date: ASAP

My client, a global (re)insurance firm, is looking for a Cybersecurity GRC (Governance Risk & Compliance) Consultant to join its Enterprise Information Security (EISO) team to:

Analyze & document the Group's risk & compliance policies in relation to internal and external regulatory requirements.

Assist with third-party Risk Management, Cyber Risk Management and Cyber Compliance services.

Key responsibilities include, but are not limited to:

  • Project Management for vendor-led risk assessments
  • Manage Risk Issues in the enterprise Integrated Risk Platform (IRP)
  • Support the reverse due diligence TPRM process with external audits, examinations, and survey requests
  • Maintain the Enterprise Control Model (ECM) within the Integrated Risk Platform (IRP)
    • Apply control language updates as needed
    • Manage annual control owner confirmation processes
    • Maintain control owners and control performers data
    • Ensure authoritative sources are up to date including quarterly reviews
    • Align new authoritative sources to the Enterprise Control Model
    • Maintain risk library records
  • Manage the Risk Activity Mapping (RAM) process to ensure that all RAM records in IRP are up to date
    • This includes mapping risk activities to business processes and controls
  • Manage quarterly reporting of KRIs and KPIs in Tableau and PowerPoint
  • Support annual KRI and KPI development process
  • Support the routine revision and monitoring of information security risk appetite
  • Support routine and ad-hoc information security risk assessments
  • Conduct routine reporting and analysis of risk issues, remediation plans, and risk acceptances

Successful Cybersecurity GRC (Governance Risk & Compliance) Consultants will:

Possess 5+ years of experience in Information Security risk management, leading/managing assessments, security audits, and/or managing compliance requirements across an enterprise

Have 5+ years of experience with regulatory compliance and frameworks such as NIST 800-53, NIST CSF, PCI-DSS 3.2 or higher, HIPAA, NYDFS 23 NYCRR 500, ISO 27001/2, and/or NAIC Data Security Law

This role requires thorough knowledge of information security risk management.

If you are interested or available, please apply now!
