JOB PURPOSE
The GRC Manager is primarily responsible for providing leadership to a group of analysts and is responsible for the operational and tactical direction of the Security Governance, Risk Management, and Compliance programs. The GRC Manager provides strategic direction in collaboration with the Sr. Director, Security & Compliance.
This role will lead the team through establishing highly effective policies based on the NIST, CIS and other frameworks, establishing sustainable processes for assessing and tracking cybersecurity risk, performing security control testing, and delivering performance metrics and reporting for each of the programs under its management scope. This manager will possess a strong understanding of Enterprise Risk Management, business resiliency programs, and security risk assessment, as well as experience performing technical control assessments.
This position requires strong written and oral communication skills, as well as the ability to communicate detailed, technical information in a manner comprehensible by individuals at varying degrees of experience and skill level. The role requires the ability to speak confidently in front of large groups and with corporate management, vendors, and service providers. The GRC Manager also contributes to the Security & Compliance strategy and roadmap.
KEY RESPONSIBILITIES
- Evaluate, coach and retain Compliance teams to meet Company audit and compliance objectives
- Manage Kofax Enterprise Risk Management platform, including system requirements and daily work distribution for other GRC Analysts
- Manage personnel performing assigned audits which may include customer audits, statutory/regulatory audits, SOC 2, PCI or others as needed
- Responsible for planning and maintaining standards and guidelines, policy development, implementation, and administration
- Serve as senior company representative with clients and partners, responding to security questionnaires and managing audits
- Supervise risk assessments, analysis and synthesis of internal IT and business process controls
- Assist in executing departmental initiatives and projects to support the company's global security and compliance efforts
- Oversee project management and the prioritization and completion of tasks
- Lead compliance audit reviews when necessary, and remediation testing of issues identified during third-party assurance reviews or internal assessments
- Support IT/financial audit related engagements that require IT audit support
- Monitor and evaluate the control environment to ensure security and compliance standards are in place
- Advise internal business clients on the effectiveness of corrective action plans in the event of non-compliance or detected vulnerabilities in their environment
- Contribute to various project requests from functional teams to increase operational efficiency, strengthen the IT environment, and help meet the company's internal and external regulatory or compliance requirements
- Perform ad-hoc compliance requests or additional duties as assigned
QUALIFICATIONS
- Management experience leading teams to successful outcomes
- Prior experience managing internal and external risk assessments and compliance measures and / or remediation items and implementing and enforcing policies and procedures
- Familiar with GRC tools for managing audit controls, evidence gathering and reporting
- Experience with SSAE18, PCI DSS, EI3PA, ISO 27000, HIPAA, GDPR, or similar
- Excellent client relationship and customer service skills, with a clear client focus
- High degree of independence and exceptional work ethic with a team player attitude and a solution-oriented mind
- Familiarity with core IT and Information Security Technologies
- Exceptional interpersonal, written and oral communication skills
- Certification in or progress toward at least one designation in an information security, risk, compliance or related discipline (e.g. CISSP, CISM, CISA)
REQUIRED EXPERIENCE
- See Qualifications section
- Experience with privacy and risk management tools
- 3-5 or more years of practical experience managing compliance programs
- Experience as an auditor for major external audit firms is preferred
- Experience with successful SOC 2 attestation either as an auditor or a consultant
KOFAX, INC. IS AN EQUAL OPPORTUNITY EMPLOYER M/F/DISABILITY/VETS
WHILE THE JOB DESCRIPTION DESCRIBES WHAT IS ANTICIPATED AS THE REQUIREMENTS OF THE POSITION, THE JOB REQUIREMENTS ARE SUBJECT TO CHANGE BASED UPON ANY CHANGING NEEDS AND REQUIREMENTS OF THE BUSINESS.
The base salary range for this role, across the US, is $110,534 - $225,961. Your actual base pay within this range will be determined by your work location as well as skills, qualifications, experience, and relevant education/training. The range provided reflects only the base salary for the role and does not include benefits.