What are the responsibilities and job description for the Governance, Risk, and Compliance Lead position at D and H Distributing Co?
SUMMARY
D&H Distributing is looking to hire a GRC Lead to help manage the Governance, Risk, and Compliance (GRC) program. You will be responsible for developing security policy and ensuring compliance with it, carrying out security assessments, and leading the development and management of a cybersecurity risk management program. Your experience should include exposure to common cybersecurity frameworks, including NIST and ISO 27001. Auditing experience and experience implementing an ISMS are strongly preferred.
ESSENTIAL DUTIES AND RESPONSIBILITIES
- Lead internal ISO 27001 audits and coordinate with third-party audit firms to perform external audits
- Lead the implementation and operation of Governance, Risk, and Compliance (GRC) tooling to further improve and automate our GRC processes
- Lead all ongoing compliance activities related to the implementation, maintenance, monitoring, and continuous improvement of the Information Security Management System (ISMS)
- Evaluate the effectiveness and performance of information security controls by developing, gathering, monitoring, and analyzing information security and compliance metrics for management
- Perform third-party risk assessments to maintain oversight of third-party vendors
- Manage and coordinate client assurance questionnaires, audits and assessments, and calls
- Help the various parts of the company adopt and maintain a common risk and control framework
- Develop, enhance, and operationalize enterprise-level security, risk, and privacy policies, processes, and controls to mitigate risk and comply with applicable laws and regulations
- Monitor and assess the security, risk, and privacy controls on an ongoing basis; work closely with the operational departments (Legal, Engineering, Sales, Support, Operations, ...) to develop and monitor policies and standards that comply with applicable privacy policies and regulations
- Stay up to date on the latest security and industry trends including their compliance requirements
- Maintain familiarity with cybersecurity frameworks such as NIST and CIS, and with security technology, by attending workshops and reviewing publications
- Monitor the environment for malicious behavior using a variety of security tools and take appropriate remediation action
- Coordinate across the organization to ensure mutual success in protecting D&H
- Monitor changes to the environment to identify whether those changes compromise security
- Investigate security breaches and other cybersecurity incidents with minimal assistance
- Work with the business units to remediate identified issues with minimal assistance
- Assist in process improvements to enhance the efficiency of current operational procedures
- Participate in access control and governance including provisioning / deprovisioning and recertification of accounts
- Effectively deal with rapid change in a positive manner
- Participate in all company / location driven communication efforts, including huddles, department meetings, and other related efforts
- Maintain a positive and professional working relationship with peers, management, support resources, and the community with a constant commitment to teamwork and exemplary customer service to present a professional image of D&H Distributing
- Perform all other duties as assigned by management in a professional and efficient manner
EDUCATION and / or EXPERIENCE
Education
Experience