GRC Information Security Manager
Company: Denver Water
Location: Denver, CO 80219
Description:
The Governance, Risk, and Compliance (GRC) Security Manager is a member of the Information Security Office (ISO) reporting to the Director of Information Security. The position is responsible for supporting the security direction of the business and elevating the organization's security posture. The GRC Security Manager is expected to support the security strategy of the business within new and existing information system capabilities. The GRC Security Manager is also responsible for maintaining documentation and reporting related to IT and security policies, procedures, and maintenance schedules.
About Denver Water
Denver Water is committed to creating a diverse work environment. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, disability, age, or veteran status.
Applications will be accepted until a sufficient number is received. Denver Water reserves the right to either close or extend a posting.
Denver Water proudly serves high-quality water and promotes its efficient use to 1.5 million people in the city of Denver and many surrounding suburbs. Denver Water aspires to be the best water utility in the nation. The organization is a responsible steward of the resources, assets, and natural environment entrusted to us to provide a high-quality water supply, a resilient and reliable system, and excellent customer service.
Denver Water offers excellent benefits that include a pension plan, 401K Plan with a 3% match, 457 Deferred Compensation Plan, Health and Dental coverage, Life Insurance, and Paid Time Off. A background check will be conducted to verify the information submitted on the application. Please be sure that all information on the application is correct and complete; do not say "see resume". If the application is not fully completed, we (Denver Water) will not accept your application.
We are committed to the health and well-being of our employees. Smoking, including e-cigarettes, is prohibited on all Denver Water property.
An offer of employment may be contingent upon satisfactory results of a post-offer drug and alcohol test. Denver Water tests for the following: amphetamines, cocaine, marijuana (THC), opiates, and phencyclidine (PCP). A strength test may also be conducted due to the physical requirements of the position. If the position is deemed safety-sensitive or requires a CDL, you will be placed on the random drug and alcohol testing list, which means you may be tested if your name is selected while employed at Denver Water.
Denver Water is an Equal Opportunity Employer. We are dedicated to building a culturally diverse workforce. We encourage applications from women, People of Color, veterans, and people with disabilities.
Anthony Harper
1600 W. 12th Ave.
Denver, CO. 80204-3412
anthony.harper@denverwater.org
EOE/MF
Minimum Requirements
Education and Experience
- Bachelor's degree in computer science, information assurance, MIS or related field, or equivalent industry experience.
- Minimum 5 years' experience in cybersecurity as a practitioner and 3 years' exposure to various security frameworks.
- Any equivalent combination of certifications, education, or experience that provides the required skills, knowledge, and abilities for the position.
Licenses, Registration, and Certifications
- One or more of the following certifications preferred, or obtained within 12 months: CISSP (Certified Information Systems Security Professional), CRISC (Certified in Risk and Information Systems Control), GSLC (GIAC Security Leadership Certification), or GSTRT (GIAC Strategic Planning, Policy, and Leadership Certification).
- Must be able to possess and maintain a valid Class 'R' Colorado driver's license and have a satisfactory driving record.
Job Description
Essential Duties and Responsibilities
- Conduct enterprise-wide, ongoing risk analysis in tandem with compliance and security.
- Automate and operationalize vendor risk management processes to support informed risk-based decisions. Collaborate with risk management, security teams and business leads to evaluate vendors.
- Identify strengths and weaknesses in the security program as they relate to security, business resiliency and compliance frameworks.
- Document, formulate and enforce areas of security improvement that balance risk with business operations and do not diminish efficiencies or innovation.
- Oversee third parties, vendors, and partners to mitigate external risks, escalating weaknesses to security management and business leads.
- Analyze findings, and document, recommend and report program gaps to security and IT leadership.
- Track security changes affecting regulations and industry best practices, applying GRC expertise across products, practices, and procedures.
- Define qualitative and quantitative metrics to assess the success of the security program and provide regular reports to security and business leadership.
- Ensure security and technology teams keep system configurations updated, overseeing security systems and administration to minimize enterprise risk.
- Act as a key participant in incident response to track occurrence and resolution, with strict documentation and reporting.
- Work in tandem with security, audit, and risk management leadership to perform ongoing security program assessments and create annual strategic technology and budgetary directives.
- Liaise with auditors, both internal and external, to maintain and implement controls for compliance and privacy laws.
- Facilitate internal and external audits by maintaining accurate documentation and tracking compliance gaps for remediation.
- Ensure IT and ISO standards, policies and procedures are regularly reviewed, updated, and aligned with industry best practices, regulatory requirements, and organizational needs.
- Manage external entities' contracts and relationships, and mitigate risks to business development opportunities.
- Maintain current knowledge of incident response, system configuration, vulnerability management, and hardening guidelines.
- Understand legacy and modern security controls, risks, and technologies, including cloud computing and application security.
- Manage complex local, state, and federal security requirements.
- Perform related work as required.
