Principal Consultant - Governance, Risk & Compliance (GRC)

For our client in Utilities industry, we need an experienced, senior level, hands-on technical lead, performing IT security functions and maintaining systems, while providing technical guidance to the team. The Principal GRC analyst will be responsible for leading the day to day cyber compliance, data governance, and cyber risk management functions. The role will include primary responsibility for defining, creating, and managing cyber and organizational policies and standards in support of legal and regulatory compliance needs as well as general cyber and organizational information security practices.

The Principal consultant will lead the implementation of the IT Risk and Vulnerability Management solutions. Collaborate with stakeholders, business analysts, process leaders, and architects in interpreting requirements and configuring them into software platform.

Job Responsibilities

Responsibilities:

• Execute cybersecurity risk assessment and control attestation processes in GRC
• Lead the development and implementation of the system-wide risk management function of the information security program to ensure cyber security risks are identified and monitored.
• Lead the Vulnerability management function.
• Lead the system-wide information security compliance program, ensuring cyber activities, processes, and procedures meet defined requirements, policies and regulations.
• Develop and implement effective and reasonable policies and practices to secure protected and sensitive data and ensure cyber security and compliance with relevant legislation and legal interpretation.
• Work with Internal and External Auditors as appropriate on required security assessments and audits
• Candidate should be able to provide GRC guidance and interpretation of rules, regulations, risks, and best practices.
• Ability to trouble shoot, identify, analyze and mitigate GRC related risks in existing processes, policies and procedures
• Review control effectiveness evidence to assess the quality and effectiveness of the implemented controls
• Work with development teams to provide appropriate and effective remediation guidance for vulnerabilities discovered during various assessments
• Document residual risk
• Prepare and communicate operational metrics and trend analysis for the Cybersecurity Leadership Team

Job Specific Qualifications

Required:

• Bachelor's degree in Computer Science, Information Systems, Cyber Security, Engineering, or related discipline (i.e. STEM) and minimum of 6 years of experience in Information Security.
• Knowledge of information security risk management frameworks and compliance practices.
• Experience with Vulnerability Management and Remediation
• Knowledge of securing network technologies, client, and server operating systems.
• Ability to develop security standards and guidelines based on best practices and industry standards
• Excellent oral and written communication skills.
• Excellent leadership, technical teamwork, and interpersonal skills.
• Willing to work in strong team environment, constantly teaching and learning from other team members.
• Ability to foster working relationships with the team, IT Management and Client departments.
• Ability to explain technical concepts to the business users in the context of business requirements.
• Technical experience includes: information / data / network / computer security design, administration and/or assessment.
• Broad knowledge of information systems including Windows security, network security, systems development, communication networks, security software/hardware and operating systems.
• Leadership, planning and organizing, results orientation, technical/professional knowledge.
• Approximately 5% Travel required