Cyber Security GRC Specialist

Company: Galen Technology Solutions, Inc.
Location: Jersey City
Posted on: March 27, 2020

Job Description:

This position is located in Jersey City, NJ. INTERESTED? Please send resume to James Derrick 973-805-7008. James Derrick jderrickgalentechsolutions.com " jderrickgalentechsolutions.com " jderrickgalentechsolutions.com " jderrickgalentechsolutions.com " jderrickgalentechsolutions.com " jderrickgalentechsolutions.com " jderrickgalentechsolutions.com " jderrickgalentechsolutions.com Cyber Security GRC Specialist The Cyber Security GRC Manager will lead DFS500 related initiatives and contribute to the Security GRC framework. The position is hands-on and requires strong project management skills and tactical execution. The position requires an in-depth knowledge of the regulations (e.g., FFIEC, FDIC, SEC, DFS500) and best security practices (e.g., NIST, ISO) applicable to the financial industry. It is essential that the candidate be able to demonstrate practical and in-depth knowledge of security GRC practices and processes including the use of GRC tools such as Archer, reporting tools such as Tableau. The ideal candidate is proactive and an experienced and proven project manager. Furthermore, the ideal candidate will be a strong collaborator with the Director of Security GRC, all the security team members, and across the organization NYSDFS 500 Cybersecurity Regulation Leadership Act as the lead for all DFS500-related matters to ensure the bank maintains and enhances its level of compliance with DFS500 Perform all required activities to ensure that the program is effective Actively maintain the DFS500 methodology and program such as a charter, scope statement, program requirements, periodic review of required controls, annual attestation (including periodic sub-certifications), securing acceptance of deliverables and other evidential documentation as needed Contribute to DFS500 exams as requested by the NYSDFS regulators Collect and automate (whenever possible) DFS500 metrics to demonstrate risk reduction for the bank and to produce reports for multiple audiences such as management (CISO), auditors, technical staff, etc. Act as a subject matter expert and advisor with regards to DFS500 requirements for all stakeholders FFIEC CAT Leadership Act as the lead to develop and maintain an effective FFIEC CAT framework for the bank Ensure that the FFIEC CAT requirements are mapped to our other core regulations such as DFS500 Manage and maintain the FFIEC CAT framework to ensure the applications in scope are validated, the controls are in place and working as they should Develop reports and metrics for multiple audiences Security GRC Framework Contribution Contribute to the design and deployment of the security GRC framework Coordinate with all team members in the CISO's organization to contribute to a security GRC framework and provide a "one-stop shop" shop for core security activities and controls Contribute to security policies, standards, procedures, and guidelines Contribute to the security GRC component of the bank's GRC portal (Archer) to ensure it is aligned with our security GRC framework Contribute to the security GRC framework to Ensure controls are in place and working as they should Ensure policies, standards, procedures, and guidelines are updated to reflect changes in the business and IT environment Ensure clients, regulatory, and internal requirements are being met consistently and cost-effectively Automate and streamline all processes related to managing the bank's security GRC framework Provide multi-level reporting to all stakeholders in the company Executives, clients, business leads, IT leads, audit and regulatory representatives Build partnerships across the organization in all disciplines audit, legal, information technology, business operations, sales and marketing, corporate communications, risk management, etc. to ensure the security GRC program is aligned with business objectives and requirements Documentation, Reporting Analytics Contribute to the reporting framework that will provide regular metrics and statistics about our business and IT environment analyze trends in security events, activities, etc. to better understand risks, insufficiencies in our solutions, staffing shortages, etc. report security metrics and statistics to the Director of Security GRC Knowledge Experience Required 4-6 years' demonstrable experience in leading DFS500 and security GRC, security project management, security policy management, and other security practices Proficient with MS Office, project management software, and at least one GRC tool (highly recommended) Solid understanding of common security tools (e.g., vulnerability scanners, firewalls, IDSIPS, AV software) strongly recommended Requires strong analytical skills, problem solving skills, and projectprogram management skills Extensive training in computer disciplines such as application and data security, systems programming, systems design, computer technology or software disciplines Hands-on experience with performing GRC program functions Excellent communication skills Education Certifications Bachelor's degree or equivalent business experience in Computer Science, Business Management, or MS required Certified training in security management, risk and compliance solutions and practices CISSP, CISA, CISM, GSEC, CRISC, or related certification(s) required

Keywords: Galen Technology Solutions, Inc., Jersey City , Cyber Security GRC Specialist, IT / Software / Systems , Jersey City, New Jersey