Title: Information Security Risk Compliance Manager
Location: New York, NY (Hybrid)
Duration: Contract
Objectives
The Information Security Risk Compliance Manager oversees the organization's efforts in
- Risk assessment, Risk mitigation,
- Compliance management,
- Security governance, incident response, vendor risk management,
- Security awareness and training,
- Security audits and assessments, reporting and communication, continual improvement, and cross-functional collaboration.
- Their role is to ensure that the organization's systems, networks, and processes are secure, compliant with regulations and standards, and aligned with organizational goals and objectives
Responsibilities
- Conduct risk assessments to identify potential threats and vulnerabilities to the organization.
- Develop and implement risk management strategies and policies to mitigate identified risks.
- Monitor and evaluate risk exposure across various departments and business units.
- Coordinate with stakeholders to ensure compliance with regulatory requirements and industry standards.
- Communicate risk management strategies and findings to senior management and relevant stakeholders.
- Lead the development and maintenance of the organization's risk register and risk management framework.
- Provide guidance and support to departments and teams in implementing risk mitigation measures.
- Conduct training and awareness programs on risk management principles and practices.
- Continuously monitor and review the effectiveness of risk management strategies and adjust as necessary.
- Stay updated on emerging risks and industry trends to proactively address potential threats to the organization.
- Maintain and enhance the company-wide security awareness program.
- Take ownership of establishing and enforcing security standards both within the team and across the organization. Work proactively and collaboratively to achieve change management and buy-in.
Deliverables
- Compliance Management: Ensure compliance with relevant regulations, standards, and frameworks such as GDPR, HIPAA, ISO 27001, NIST, etc., by establishing and maintaining appropriate controls and processes.
- Risk Mitigation: Develop and oversee risk mitigation strategies and controls to address identified security risks, including implementing technical controls, security best practices, and security awareness training programs.
- Incident Response: Develop and implement incident response plans and procedures to effectively respond to and manage security incidents, including data breaches, cyberattacks, and security breaches.
- Vendor Risk Management: Assess and manage risks associated with third-party vendors and service providers, including evaluating their security posture, conducting due diligence assessments, and ensuring contractual compliance.
- Cross-functional collaboration: Collaborate with IT teams, legal, HR, compliance, and other departments to ensure a holistic approach to information security risk management and compliance.
- Continual Improvement: Monitor industry trends, emerging threats, and regulatory changes to ensure that the organization's information security risk and compliance programs remain up-todate and effective.