GRC Manager

Client of Ethics HR

Description
• Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.
• Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.
• Plan and conduct security authorization reviews and assurance case development for new and existing installation of systems and networks to confirm that risk is within acceptable limits.
• Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).
• Verify and update security documentation reflecting the application/system security design features.
• Verify that application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations.
• Develop security compliance processes and/or audits for external services (e.g., cloud service providers, data centers).
• Participate in Risk Governance process to provide security risks, mitigations, and input on other technical risk.
• Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
• Assure successful implementation and functionality of security requirements and appropriate IT policies and procedures that are consistent with the organization's mission and goals.
• Ensure that security design and cybersecurity development activities are properly documented (providing a functional description of security implementation) and updated as necessary.
• Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs).
• Ensure that all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organization goals.
• Conduct interactive training exercises to create an effective learning environment
• Develop new or enhance existing awareness and training materials that are appropriate for intended audiences.