Cybersecurity Specialist - Enterprise Risk Management

GRC (Enterprise Risk Management)

Job Title: Cyber Security Specialist TRO GRC(ERM).

Experience, education, skills, licensure, or training required:

The Cybersecurity Specialist must be self-motivated, be a great team player that values results, professional, and is well-rounded technically. Should be able to conduct guide and conduct audit across cybersecurity frame works ISO 27001, CMMC, CMMI, FAIR (factor analysis of information risk). Ability to conduct risk assessments and audits to support the above framework. Work with all areas of business units, IT departments, third parties providing guidance for areas of process improvement surrounding policy, procedures, and standards for above frameworks.

• Interface with team members, departments, and outside associates. Can work directly with all levels of management and other corporate team members in person as needed.
• Work with all levels of user, and management level, while being able to understand business needs and communicate necessary IT Security and compliance requirements and needs.
• Have an extensive knowledge of development of enterprise level policies, standards and procedures and the ability to determine what is needed and communicate it in a professional manner in writing.
• learn to analyze software, networks, and scan data to identify vulnerabilities to support compliance requirements.
• Assist with and implement process improvement to support IT Security, IT and GRC requirements to support Risk and Compliance Audits.
• Oversee, develop, and provide guidance where needed for compliance requirement programs, Risk Assessments, and audits.
• Prior experience defining risk management framework and leading implementation.
• Needs to understand common risk management frameworks and risk assessment approaches.
• Identifies key risks in business units, Sites & actions to mitigates these risks.
• Identifies operational control weaknesses.
• Has rolled out risk management across business units periodically
• Monitored remediation programs, ensuring root causes of operational risk issues
• Review and develop risk policies in accordance

Preferred Experience/Skills:

Candidate must have 5-6 years experience managing enterprise level Security Audit and Compliance and/or Risk Management programs with successful results. This person must communicate well at the management and above, both verbally and in writing, while balancing the business needs and security requirements. Experience working in the Big-Four Auditing Firms”, or other Risk management preferred.

Education:

Graduate/postgraduate any discipline. Certification in CISA, Auditor certification in ISO27001, CMMI, CMMC