Verticalmove, Inc. is the leading technology talent firm for Information Technology, Software Engineering and Executive professionals. We build the most admired companies throughout the world by identifying and attracting highly qualified and often hard-to-find professional talent. Our portfolio of clients includes start-ups financed by the most exclusive venture capital firms, and established billion-dollar brands.
Being part of our Information Technology and Engineering consultancy means you’ll have industry-leading benefits too, including Health (medical, dental, vision and life insurance), Paid Time Off (sick and vacation) and Retirement (401k with a 4% match).
This position will be responsible for supporting the Information Security Governance program. The incumbent will partner with IT technical staff, as well as internal risk and compliance teams to provide oversight of the ongoing execution of key controls; implement/leverage tools for onboarding and automating quantitative scoring of control effectiveness/maturity; assess, track & report control deficiencies and remediation activities.
• Translate standards, regulatory and business requirements into remediation recommendations.
• Possess strong technical background in security controls and technologies.
• Participate in developing and maintaining the overall Governance Risk and Compliance (GRC) management process and strategy.
• Work in collaboration with corporate compliance, risk management and various technical teams in the design and implementation of controls self-assessments, risk assessment and regulatory compliance practices for IT.
• Opportunity to mentor cyber assurance analysts.
• Create, document, and implement process improvements.
• Investigate, analyze and document reported control defects.
• Create and maintain technical process documentation using defined (e.g., GRC tool and documented procedures).
• Partner with Issues Management, Standards, and Compliance teams to develop an effective process for monitoring, reporting and escalating issues and exceptions.
• Work with cross-functional teams in performing reviews of IT internal controls to ensure teams are operating adequate controls.
• Create and monitor data points for IT risk management activities, including quarterly dashboards, metrics, and reporting (e.g., GRC tool dashboards).
• Advise IT and business executives on the status of security findings, technology risks and compliance issues based on assessment results and information from various discovery sources, monitoring and control systems.
• Mature processes to document and score IT/Security control effectiveness based on maturity level and map to corresponding residual risk scores.
• 10+ years of experience in compliance and identification of risk within a large enterprise.
• Demonstrate broad security knowledge across common industry security standards (e.g., ISO, NIST, COSO, COBIT, PCI, FFIEC, SOX, SSAE16, and others).
• Possess either of the following certifications: CISSP, CISA, CISM, or GIAC.
• Strong technical knowledge of security technologies and architecture in multiple security domains (such as infrastructure hardening, privileged access, data security, endpoint security, anti-malware, network security, application security and others).
• 6+ years of experience implementing and managing GRC technologies (e.g. Archer, ServiceNow) used for risk and compliance processes.
• Advanced MS Office skills: Word, PowerPoint, Excel & Database.
• Excellent writing and verbal communication skills, interpersonal and presentation skills and the proven ability to influence and communicate effectively.
• Bachelor’s degree from an accredited college (Information Technology, Information Assurance, Cyber Security or related disciplines preferred).