Find A Job › Information Technology


Information Security Governance Risk and Compliance Manager

  • Location: New York, NY
  • Job Type: Direct Placement
  • Ref No: 19-06597
  • Date: November 07, 2019
  • Job title:
Questions about this job listing? Contact the recruiter now.

Job Description - Information Security Governance Risk and Compliance Manager

Information Security Governance Risk and Compliance Manager

New York, NY

Department: Information Security

Reports To: The CISO

Job Overview: 

The security governance, risk, and compliance manager will be responsible for defining, implementing and leading a GRC function in the CISO office. He will create the security risk strategy and provide cyber governance and risk management oversight; establishing and managing the security policy framework and relevant standards; overseeing applicable security, privacy, contractual and compliance requirements (i.e. SOC2, MRC, ISO27001, GDPR, CCPA, NIST, DPAs and local privacy laws) through strategy development, controls definition and assessment and process oversight.


Responsibilities and Duties:

  • Directly responsible for policies, procedures and controls to assure compliance with applicable regulatory, legal and audit requirements as well as good business practices
  • Develop and manage an information security risk management program including development, evaluation, and adherence to multiple areas of practice
  • Develop a risk strategy that identifies and classifies risks, defines appropriate tolerances, prioritizes mitigation activities, and measures risk levels using the CMMI Cyber Maturity/NIST CSF Framework
  • Establish and oversee formal risk analysis and self-assessments program for various information services, systems, processes and recognized industry standards
  • Identify, assess, manage, and track remediation of risks related to IT infrastructure, applications, platforms and suppliers and drive explicit requirements and timelines in all environments
  • Develop strong relationships with external audit and key stakeholders to ensure risk management oversight is understood, managed appropriately and current with all standards, guidelines, and regulations that are applicable
  • Liaise with all departments to identify, track and provide remediation guidance for new projects, services and/or third-party contracts in terms of information security assurance
  • Oversee highest risk initiatives and serve as a point of escalation for remediation/mitigation efforts
  • Develop security compliance strategy and approach and ensure compliance with MRC, SOC2, ISO27001, CCPA, GDPR, local privacy laws, contractual requirements and globally-recognized standards and guidelines
  • Establish and oversee formal vulnerability management, penetration testing and security posture assessment programs
  • Identify regulatory, legislative, and industry specific compliance requirements and define controls that can be used to meet those requirements
  • Oversee third party assessment standards and privileged user monitoring as a check on critical system access
  • Act as privacy and compliance officer and serves as the intake on security related inquiries and coordinating with subject matter experts
  • Build out and maintain current GRC tools and processes within information security to provide visibility and transparency


  • 10+ years' experience in information technology; 5+ in a security governance, risk, and compliance management experience
  • 5+ years of progressive information security work experience
  • Prior experience with security policy, standards, and controls definition
  • Strong knowledge of current and emerging cyber security risks, and innovative risk management methods and solutions
  • Ability to collaboratively develop a risk strategy in conjunction with stakeholders
  • Strong analytical thinking, written, and oral communication and presentation skills
  • Demonstrated knowledge of industry authoritative sources such as COBIT, NIST, SOC2, GDPR, MRC, CCPA and ISO standards.
  • Must have the ability to influence others and work at all management levels across the organizational structure
  • Broad understanding of security and privacy concepts
  • Experience working in an international/global organization
  • Skilled at planning, tracking plans, working cross department to review processes and controls, gathering and organizing documentation and test results
  • Able to understand contracts and technical documentation and is able to assess it for consistency and alignment with processes and controls outlined in requirements and audit materials
  • Education – Bachelor's degree in computer science or related area
  • Industry recognized certification in security (e.g., CISSP, CISA, CISM, CEH, etc.) 
  • Experience with MRC accreditation and deep understanding of the online advertising industry and ad platforms (networks, DSPs, ATDs, SSPs, Exchanges)


Related Job Listings

Job Location Type Posted  
C++ Developer New York, NY Direct Placement December 05
Senior Full Stack Developer New York, NY Direct Placement December 05
Senior Network Engineer New York, NY Right to Hire December 05
Chief Information Security Officer New York, NY Direct Placement December 05
IT Manager- Compliance Systems New York, NY Direct Placement December 04