Technical Manager - GRC
Company: Centraprise
Location: Denver, CO 80219
Description:
Job Title: Technical Manager - GRC (Governance, Risk, & Compliance)
Location: Denver, CO Onsite
Primary responsibilities of the Manager, Governance, Risk and Compliance include the following:
- Develop and manage Contentful's technology risk program in support of enterprise methodologies.
- Proactively identify, report, and catalog risks in existing and new technology solutions.
- Lead efforts triaging, analyzing, classifying, and developing treatment plans with stakeholders.
- Track and report on organization-wide technology risk to ensure timely mitigation.
- Improve and maintain a program to facilitate customer and prospect cybersecurity requests.
- Define roadmaps in line with customer expectations and legal requirements, and commensurate with the global cybersecurity threat landscape.
- Implement and drive a cohesive cybersecurity controls program across multiple frameworks including ISO 27001 (Information Security), NIST Cybersecurity Framework, and NIST 800-53 (Security and Privacy Controls).
- Maintain policies, procedures, and standards in line with current and emerging requirements.
- Enhance and streamline third-party supplier assessments, ensuring cybersecurity involvement, cataloging and tracking of risks, and monitoring for changes.
- Stay abreast of international laws and regulations to proactively identify gaps.
- Provide compliance consultation for new and ongoing enterprise initiatives.
- Consult on defining compliance policies and best practices.
- Educate and build awareness of compliance requirements across the organization.
- Improve compliance with security standards and policies across enterprise teams.
- Lead compliance enhancement projects focused on new or changing technologies.
- Publish executive-level reporting across compliance activities.
Skills:
- Analytical aptitude with an emphasis on investigative, methodical critical questioning and logical thinking; a data-driven decision maker.
- High-level interpersonal skills.
Education and Experience:
- Bachelor's Degree (or equivalent experience) and at least 3-5 years of directly related experience. Must have a solid understanding of SOX, PCI, CPNI, CCPA, FACTA and similar IT Compliance and Privacy regulations.
- Strong understanding of risk mitigation methodologies and regulatory requirements pertaining to information security, privacy, and/or data security.
- Experience with compliance audits such as PCI and/or CPNI. Former QSA preferred.
Other Qualifications:
- Professional certification (CISA, CRISC, CSIM, CIA or similar) is highly desired. Candidates who apply will be tested in several areas, including verbal/spelling, math/logic and business problem-solving, and must meet minimum standards to be considered for this position.