Role: IT Security Risk Compliance Manager

Location: 150 William Street, New York

Duration: 12 Months

Innovee' s Public Sector seeks an Information Security Risk Compliance Manager who will have the responsibility for several functions associated with IT security from ensuring the security of software to selecting and/or constructing and deploying broader network security systems.

Objectives:

The Information Security Risk Compliance Manager oversees the organization's efforts in

• Risk assessment, Risk mitigation,
• Compliance management,
• Security governance, incident response, vendor risk management,
• Security awareness and training,
• Security audits and assessments, reporting and communication, continual improvement, and cross-functional collaboration.
• Their role is to ensure that the organization's systems, networks, and processes are secure, compliant with regulations and standards, and aligned with organizational goals and objectives.

Responsibilities:

• Conduct risk assessments to identify potential threats and vulnerabilities to the organization.
• Develop and implement risk management strategies and policies to mitigate identified risks.
• Monitor and evaluate risk exposure across various departments and business units.
• Coordinate with stakeholders to ensure compliance with regulatory requirements and industry standards.
• Communicate risk management strategies and findings to senior management and relevant stakeholders.
• Lead the development and maintenance of the organization's risk register and risk management framework.
• Provide guidance and support to departments and teams in implementing risk mitigation measures.
• Conduct training and awareness programs on risk management principles and practices.
• Continuously monitor and review the effectiveness of risk management strategies and adjust as necessary.
• Stay updated on emerging risks and industry trends to proactively address potential threats to the organization.
• Maintain and enhance the company-wide security awareness program.
• Take ownership of establishing and enforcing security standards both within the team and across the organization. Work proactively and collaboratively to achieve change management and buy-in.

Deliverables:

• Compliance Management: Ensure compliance with relevant regulations, standards, and frameworks such as GDPR, HIPAA, ISO 27001, NIST, etc., by establishing and maintainingappropriate controls and processes.
• Risk Mitigation: Develop and oversee risk mitigation strategies and controls to address identified security risks, including implementing technical controls, security best practices, and security awareness training programs.
• Incident Response: Develop and implement incident response plans and procedures to effectively respond to and manage security incidents, including data breaches, cyberattacks, and security breaches.
• Vendor Risk Management: Assess and manage risks associated with third-party vendors and service providers, including evaluating their security posture, conducting due diligence assessments, and ensuring contractual compliance.
• Cross-functional collaboration: Collaborate with IT teams, legal, HR, compliance, and other departments to ensure a holistic approach to information security risk management and compliance.
• Continual Improvement: Monitor industry trends, emerging threats, and regulatory changes to ensure that the organization's information security risk and compliance programs remain up-to[1]date and effective.

Preferred Skills:

• Excellent verbal and written communication skills.
• Ability to work both independently and as part of a team.
• Knowledge of Networking (Firewall, Networking Protocols);
• Working knowledge Frameworks
• Working knowledge of Information Security Domains
• Working knowledge of Security protocols
• Working knowledge of Cloud computing