Jr. Governance, Risk, and Compliance Team Lead

Job Summary: Assist the Chief Information Security Officer and the Governance, Risk, and Compliance Team Lead in leading and managing the Governance, Risk, and Compliance teams in accordance with organizational policies and goals. The candidate will assist the Chief Information Security Officer and the Governance Risk and Compliance Team Lead in processing documentation, facilitation, remediation planning, risk management, and systems implementation coordination to meet the audit, control, and compliance requirements. The Junior Governance, Risk, and Compliance Team Lead will also assist with leading the GRC team in the absence of the Governance Risk and Compliance Team Lead.

The Junior Governance Risk and Compliance Team Lead will be responsible for identifying and reporting all security issues, prioritizing threats, and confirming threats have been mitigated in accordance with company standards. The Junior Governance, Risk, and Compliance Team Lead will be a resource of experience and best practices to for the Security and Compliance team.

Key Responsibilities:

• Well-versed in Governance, Risk, and Compliance frameworks and activities such as performing risk assessments, vulnerability assessments, and audits
• Working knowledge and familiarity in the understanding of manual techniques to exploit vulnerabilities in the Open Web Application Security Project (OWASP) top 10 including but not limited to cross-site scripting, SQL injections, session hijacking, and buffer overflows to obtain controlled access to target systems
• Assist in managing multiple competing priorities in a fast-paced SaaS environment
• Assist in managing third-party security services, application vendors, evaluate new vendors and services

Work Experience / Knowledge:

• Knowledge of Industry Standards, e.g., ISO 17799/27001, FISMA/FedRAMP, NIST Publications, and other Industry Related Security Standards
• Knowledge of Industry Regulations, e.g., Gramm-Leach-Bliley Act (GLBA), Payment Card Industry (PCI) or Corporate Compliance
• Familiarity with Microsoft SQL Server 2012/2016
• Familiarity in the implementation and management of both offensive and defensive security technologies in conjunction with commercial and federal information security compliance initiatives
• Active participation in Enterprise-level Risk Assessment and Business Impact Analysis.
• Active participation in disaster recovery and business continuity planning and execution
• Consulting experience in Information Security
• Working knowledge or experience with Windows Server 2012/2019
• Familairity in TCP/IP Networking
• Working with internal and external resources on performing and reporting the annual penetration testing to include complete white-hat testing; Must provide a detailed report and recommendations for improvements and remediation where applicable
• Working with internal and external stakeholders to assess security requirements, and approve/modify designs as needed
• Ensuring vulnerabilities are mitigated in a timely fashion in accordance with the applicable compliance requirements
• Providing overall Governance over the management of Risk and providing updates to the remediation plans and Plans of Action and Milestones (POA&M)
• Supporting incident responses for all security-related issues 24/7

Qualifications / Certifications:

• Experience in leading and conducting audits and risk assessments for StateRamp/Fedramp, ISO 27001:2022, HiTrust or similar compliance audits and certifications/assessments that align with NIST 800-53 Rev 5.
• CISSP, CISA, CISM, or other Industry Certifications

Special Requirements:

• May also be assigned various projects and tasks as needed
• Hours: Day shift. Evening and weekend hours may be required

Equal Opportunity Employer. M/F/D/V