Full Relocation available
Seeking a Director of Cyber Risk Assurance
Well-known company seeking a Director of Cyber Risk Assurance. If you like a culture that will stretch your limits and give you exposure to cutting-edge technologies, you're in luck. Don't be coy and wait three days to call us. We want to hear from you now! Email your resume to me.
What our client wants you to do (aka responsibilities)
Director of Cyber Risk Assurance
GRC and continuity risk management
Build the team and department from scratch, including budgets
Build and develop a custom proprietary framework, and support audits for sales customers like Google and Salesforce
Working with a Big 4 firm
$10 Billion Company
Who you are: Director of Cyber Risk Assurance
This position is responsible for leading the organization that provides assurance of the completeness and effectiveness of information security, appropriate use, and technology continuity risk management. The organization's scope of activities includes understanding and harmonizing organizational requirements for managing cyber risks; monitoring and evaluating internal and business partner risk controls against those requirements; testing security capabilities and facility and technology continuity plans; supporting the sales process; coordinating and responding to IT audits; and evaluating the security capabilities of potential M&A partners.
You also meet most (if not all) of the following requirements:
Envision, define, design, build, staff, and deliver services to customers and stakeholders that obtain and maintain a level of comfort that the company's and business partners' cyber risk management capabilities are appropriate, effective, and adhere to business needs, regulations and customer contracts; support internal and external audits of IT; test the effectiveness of threat management, technology continuity, and facility continuity capabilities through risk event simulations; support the company's sales processes; and evaluate potential M&A partners' cyber risk management capabilities and risk appetite.
Build and lead a team of senior cyber risk assurance experts to develop and maintain an innovative principles-based risk control framework/requirement catalog for the organization (framework must be built from scratch, not a modification of NIST CF, HITRUST CSF, ISO 270XX, or similar), harmonize and map requirements from current and future laws, regulations, customer contracts, and business mandates, and plan, scope and conduct formal control monitoring and validation engagements with varying levels of assurance.
Collaborate closely with the leader of the Cyber Risk Solutions organization to form and lead a team of senior technology DR/continuity experts to plan and execute live simulations of technology continuity risk events in order to test and measure the company's ability to restore appropriate functionality of technology solutions in accordance with business requirements.
Build and lead a team of security marketing specialists and assurance analysts to create and maintain a standard audit response database, coordinate internal and external (regulators, customers, etc.) audits of the IT organization, respond to auditor requests for information and control testing, develop management responses to audit findings, track and report audit finding resolution, create and maintain a standard RFP response database, respond to RFPs from current and prospective customers, coordinate availability of cyber risk management SMEs to participate in customer visits, and address ad-hoc inquiries from customers on cyber risk management topics.
Establish and sustain strong working relationships with the organization's customers and stakeholders.
Develop and continuously evolve the organization's processes/methodologies, structure, culture, skills/experience, process support tools, knowledge resources, and other components.
Design and execute all of the organization's repeatable activities as mature (equivalent to CMMI maturity Level 3) processes.
Communicate the status and accomplishments of the organization's operational activities and projects to the company's executive leaders, peers in the IT organization, customers and stakeholders.
Partnering closely with the Compliance and Audit teams, ensure adherence to all applicable legal, regulatory and contractual requirements in all activities of the organization.
Manage the organization's operating and project budgets and ensure executive leadership's support for appropriate funding levels.
Promote the company's image as a leader in setting strategy and developing services and capabilities as compared to competitors and peers in other industries.
Share leading practices and lessons learned in managing customer engagements, delivering services, and operating solutions with industry peers, other industries, professional consortia, and relevant government organizations.
2 to 5 years of senior leadership experience in information security or another cross-functional IT discipline (e.g., IT architecture) in Fortune 100-size organizations.
Proven track record of identifying, hiring and retaining the top talent in cyber security, survivable system engineering, and IT risk management resource markets.
Industry-recognized experience in designing and building from scratch innovative risk control frameworks that overcome the limitations of prevailing checklist-based approaches to risk control evaluation and monitoring.
Exceptional sales and marketing skills applied in pre-sales and post-sales interactions with Fortune 100-scale organizations.
3 years of experience in working at a Big Four or equivalent advisory organization in support of multinational enterprises across several industries.
Demonstrated track record of successfully developing and maturing cyber risk organizations with the emphasis on delivering results.
Deep understanding of and prior hands-on experience in all major information security, appropriate use, and survivable system engineering functions and activities including policy setting, vulnerability/risk research, security/availability architecture, system security/survivability engineering, incident response, cyber risk operations, cyber risk audit/compliance.
Complete architecture-level understanding of all major information security and appropriate use enforcement technology solutions including advanced malware detection/prevention, mobile device virtualization/MDM, cloud security management, structured and unstructured database encryption, mobile application and remote API security, fine-grained application authorization and access control, security event visualization, big data user and entity behavior analytics, active adversary deception, and others.
Deep understanding of HIPAA, NAIC ORSA, FISMA, NAIC MAR, and others, and experience in interpreting the requirements in the context of different industries.
Proven track record of managing all aspects (scope, budget, schedule, quality) of cross-functional large-scale IT/business projects in Fortune 100 scale global environments.
Externally recognized information security and IT risk management industry thought leadership and innovation accomplishments.
CISM or CISSP is strongly preferred.
Who the Company is
Our client is a large Fortune 500 enterprise company that we've worked with for over 30 years placing candidates like you.
Work with a very talented group of people who maintain a friendly environment where people really want to work.
If this sounds great to you, come join us. Please email me your resume.
Employment Type: Permanent
Work Hours: Full Time
Pay: $200,000 to $240,000 USD
Pay Period: Annual
Please mention that you saw the job on About Leaders