What are the responsibilities and job description for the Principal IT GRC Consultant position at Randstad Enterprise?
The Principal GRC Consultant will be responsible for leading the day-to-day cyber compliance, data governance, and cyber risk management functions. The role will include primary responsibility for defining, creating, and managing cyber and organizational policies and standards in support of legal and regulatory compliance needs as well as general cyber and organizational information security practices.
This role can be performed remotely but requires some level of onsite work and in-person interaction on a regular basis, and requires employees to live within a commutable distance of Bethpage, NY. Since business needs vary by position and may change over time, managers will set expectations and flexibility regarding where and when work is performed.
Job Specific Qualifications
Required Qualifications:
• Prior experience in IT governance, risk and/or compliance field
• Demonstrated leadership capabilities through projects or other work planning experiences
• Understanding of and experience in IT project management methodologies, requirements management, quality assurance and IT processes
• Requires broad knowledge of the business area's functions and applications, and of system and technology alternatives
• Strong understanding of the vulnerability management process, risk assessment methodologies, and SLA/KPI management and reporting
• Demonstrated experience with analytic tools to automate performance reporting and KPI management
• Strong analytical ability to translate insights into actionable recommendations
• Strong verbal and written communication skills
• Strong facilitation skills
• Strong judgment and escalation management skills
• Ability to foster working relationships with the team, IT Management and vendor teams
• Good understanding of technology platforms and ability to explain technical asks
• Ability to measure process performance and identify constraints, or any other escalation requirements
• Working knowledge of specific technology area including business process configuration and execution for assigned domains
Desired Qualifications:
• Relevant technical acumen or experience in vulnerability management tools, risk assessment and IT governance
• Familiarity with a risk management framework
• Ability to automate repetitive tasks
• Ability to handle complex challenges under time constraints
• Ability to prioritize and escalate critical vulnerabilities to the appropriate stakeholders
• Project Management Professional Certification (PMP)
• Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC)
• Experience with Cybersecurity
Salary : $114,500 - $160,900