The Information Security Governance, Risk, and Compliance ("GRC") team is responsible for establishing and maintaining a risk and governance program to ensure that information assets are adequately protected. This position is responsible for identifying, evaluating and reporting on information security risks in a manner that meets compliance and regulatory requirements, and that aligns with and supports the risk posture of the enterprise. The position is also responsible for ensuring that information security objectives are met. This group focuses on compliance with the company's IT and Information Security policies and procedures.
Establishment and ongoing maintenance of Information Security governance, risk, and compliance program including management of staff, budget, projects, information security strategic plans and priorities
Develops, maintains and publishes up-to-date information security policies, standards and guidelines. Oversees the approval, training, and dissemination of security policies and practices
Creates, communicates and implements a risk-based process for vendor risk management, including the assessment and treatment for risks that may result from partners, consultants and other service providers
Create and manage information security and risk management awareness training programs for all employees, contractors and approved system users
Work directly with the business units to facilitate IT risk assessment and risk management processes, and work with stakeholders throughout the enterprise on identifying acceptable levels of residual risk
Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls
Ensure that security programs are in compliance with relevant laws, regulations and policies to minimize or eliminate risk and audit findings
Maintain relationships with leaders in IT Enterprise Risk and Compliance Departments
Maintain management reports, metrics associated with information security risk, compliance and other functional areas as defined by management
Establish and oversee formal risk analysis and self-assessments program for various Information Services systems and processes
Oversee information security policies, standards, guidelines and baselines. Ensure policies are reviewed and updated regularly
Manage, coach, lead and develop a staff of GRC personnel
Oversees the development, management and monitoring of the corporate-wide information security awareness program and the third-party vendor risk assessment program
Supports the CISO and Chief Compliance Officer (CCO) in meeting reporting obligations for standard government reports, including EIA-860, FERC EQR, NERC CIP and NERC RA, and ensures documentation and processes for each effort are in place for NERC audit spot checks, in support of meeting regulatory reporting obligations
Typically manages a narrower area (multiple business units) or a critical function, or the function managed requires a broad area of expertise; or manages a single business unit with a greater risk exposure; or is the third-level manager in a production-based or transactional environment.
Primary focus is on day-to-day management of operational execution; also develops and exercises business plans, policies, and procedures. Contributes to proactive planning exercises of the management team as requested. Trains and develops staff. Plans the work flow. Looks for areas of process improvement and directs available resources to accomplish this. Leads changes and implementations for the direct team as pushed down through the organization. Increased risk or scope to the organization.
OpenArc is a highly personable and professional IT consulting and staff augmentation organization dedicated to helping clients understand their technology strategy around infrastructure, software and technical talent placement and recruiting services.
OpenArc's talent placement and consulting division occupies a singular space in the IT industry, combining deep technology expertise with an unmatched attention to companies and candidates in order to secure the best fit of both position and culture. As with all OpenArc services and solutions, we take pride in relationships both building and built.