Information Security Governance, Risk and Compliance Manager

Menlo Park, CA | Direct Hire

Post Date: 11/03/2017 Job ID: 12189 Industry: Information Technology


Industry: Health Care

Duration: Direct Hire (Full-time)

Location: Menlo Park, CA

The role:

The Information Security Governance, Risk and Compliance Manager will be responsible for four primary sub-programs: Information Security Risk Identification, Tracking and Mitigation; Management of Policies, Standards & Guidelines; Security Training and Awareness; and Special Projects.

Risk Management
  • Lead implementation of a governance, risk and compliance management program to achieve certifications such as ISO 27001/27002, HITRUST, NIST and others as appropriate
  • Operate our risk assessment process, and track and report on gaps to closure and final resolution.
  • Interface as the primary audit/assessment manager
  • Maintain and report out on the internal Information Security Risk Register
  • Working in collaboration with the Security Operations Manager, provide oversight of risk mitigations
  • Provide recurring risk reports to the CISO, business stakeholders and IT leadership teams

  • Responsible for developing, promulgating, and maintaining department cybersecurity policies and standards. Represents policy changes at OAT and the Change Management Committee (CMC). Serves as chair of the Standards and Guidelines Infrastructure Review Committee (SGIRC)
  • Promotes training, awareness and best practices within decentralized operations teams with regard to the processes and procedures needed to maintain a secure operating model.

  • Establish an appropriate IT compliance audit and testing (process and technical) calendar, schedule engagements and track activities to completion. Maintain a history of testing and audit attestations for future reference
  • Conduct self-assessments and coordinate third-party risk assessments of technology infrastructure and operational processes and controls for assigned areas
  • Keep existing policies and procedures aligned with audit and security requirements
  • Participate in planning, scheduling and preliminary analysis for all internal and external audit projects.
  • Coordinate audit activities including notification and scheduling for all affected parties of audit timing, scope, objectives, approach and deliverables
  • Establish agreement and lead documentation efforts for process improvements related to security and compliance management

  • 5+ years of IT Systems/Information Assurance experience.
  • Prior experience working with regulatory requirements and standards (PCI-DSS, SOC, ISO, BSI, GDPR, etc.) and frameworks (ISO, NIST, OWASP, etc.).
  • The ability to communicate complex security risks to non-technical staff
  • Work with business owners on remediation plans that address identified gaps.
  • Demonstrated experience in identifying, assessing, and mitigating regulatory and compliance risk
  • Strong project management skills with experience defining objectives, identifying resource needs, and ability to execute detailed plans towards goal completion.
  • Technical understanding of cloud infrastructure, networking, access controls, and change management.
  • Strong analytical and problem-solving skills are required.
  • Ability to use independent judgment to make sound decisions and take action to solve problems
  • Strong verbal and written communication skills and ability to influence others
  • Ability to plan, organize, prioritize, work independently and meet deadlines.
  • Ability to work in a collaborative, team environment.

Competitive Advantage:
  • Experience in network security and systems, and certifications such as CISA and/or CISSP
  • CISSP, GIAC, or other security certifications preferred (willingness to obtain CISSP within first year is desirable).


Bobby Arbabi
