PTR Global · 4 hours ago
Senior Manager of Risk and Compliance
PTR Global is seeking a Senior Manager of Risk and Compliance who will be responsible for the execution and operational delivery of security compliance, risk management, and audit functions. This role involves overseeing a team of compliance analysts, managing security risk activities, and ensuring compliance objectives are met through collaboration with various stakeholders.
Responsibilities
Design and lead the information security risk assessment strategy, methodology, and process
Coordinate the execution of enterprise-wide information security risk assessments, including reporting on and oversight of the risk treatment plans that address findings
Perform internal control reviews, gap assessments, and documentation of compliance with applicable security and privacy regulations and frameworks (e.g. HIPAA, SOC 2, NIST, ISO 27001)
Manage risk and compliance resources for team execution
Oversee the development and maintenance of security policies, standards, and procedures aligned with leading frameworks
Support contract and vendor reviews by assessing third-party risk and advising on risk acceptance / treatment in conjunction with Sorenson Vendor management processes
Deliver regular reporting on metrics, KPIs, risk posture, exceptions, remediation, and audit status to the appropriate parties
Provide approved responses to client inquiries and maintain library of records, documentation, and responses
Ensure key security controls are identified, implemented, tested, and remediated as required
Evaluate and advise on security control recommendations to mitigate information security risks
Evaluate and advise on implementation and effectiveness of security controls for compliance with applicable information security laws, regulations, and policies
Work with business partners, global risk management, IT risk, product and data security, and outside consultants on required information security risk assessments and audits
Respond to security assessments, questionnaires and audits from regulators, clients and third-party business partners
Work directly with clients to provide advisory services and guidance that will reduce organizational risk, improve their overall security posture, and achieve compliance
Prepare reports and other deliverables that contain strategy, technical analysis, findings, and recommendations
Other duties as assigned
Qualifications
Required
Bachelor's degree (4-year minimum) in Information Security, Information Systems, or a related field
CISA certification (minimum)
5+ years of management experience in information security, spanning a combination of operational security, risk management, IT, compliance, and audit
5+ years of experience specific to security risk management and compliance programs, processes, and execution
Ability to write solution workflow diagrams, system documentation, playbooks, etc
Strong analytical skills
Excellent written and verbal communications skills, including presentational skills
Understanding of or experience with industry and regulatory standards, including NIST 800-53, HIPAA Security Rule, ISO 2700x, AICPA SOC 2, PCI DSS, GDPR, CCPA
Prior experience auditing and performing quality control actions of audits
Hands-on experience with GRC platforms and work management tools (e.g. Jira, Confluence)
Demonstrated experience in developing cyber security strategies and programs for large and complex organizations
Proven ability to operate independently, manage multiple priorities, and drive results in a deadline-driven environment
Proven track record in defining, developing, and implementing cyber risk management structures, governance models, and organizational transformations in the area of cyber security
Strong domain expertise in and understanding of five or more of the following areas: cyber risk program management and delivery, security architecture, security technologies (e.g. firewalls, security event monitoring, intrusion detection and prevention, malware detection), data protection (application security/SDLC), third-party risk management, cloud security
Preferred
CISSP, CRISC, CISM, or an equivalent certification
Company
PTR Global
Engage with the largest Latina-owned IT & Professional staffing provider in the U.S.
Funding
Current Stage
Growth Stage (company data provided by Crunchbase)