Job offer

**Principal, Cyber Security - Governance, Risk and Controls (GRC)**

The Principal, Cyber Security - Governance, Risk and Controls (GRC) is responsible for the development and implementation of data security governance elements and the monitoring of risks and controls. The position involves working with various teams and communicating security requirements to executives.

Job description

Tasks

  • Develop, communicate, maintain and interpret complex elements of data security governance (e.g. policies, standards, TOMs, procedures and business continuity plans) that define data security requirements.
  • Develop, implement and execute governance and monitoring processes as required for internal/external standards and regulations (e.g. FFIEC, GDPR).
  • Execute self-assessments for data protection risks and controls (RCSA) and develop process risk and control inventories (PRIC).
  • Monitor KRIs/KPIs and perform escalation activities for non-compliance with data protection policies, standards and procedures to various levels of management.
  • Contribute to the optimization, execution and maintenance of elements of the data security program, especially those related to business processes, repeatable methods, automation and measurements for a functioning, risk-based data security program (e.g. KRIs/KPIs, metrics).
  • Work with information security management frameworks (e.g. ISO 27001, NIST CSF, SANS Top 20 Critical Security Controls).
  • Respond to complex inquiries and new periodic reviews from internal partners (e.g. business, compliance, audit, risk) and external partners (e.g. regulators, external auditors, third parties) both verbally and in writing.
  • Manage and track internal and external issues or concerns related to the data protection program, such as audit findings and remediation efforts.

Requirements

  • Bachelor's degree or equivalent experience.
  • Experience with data governance teams at corporate and various business levels.
  • Experience in conducting or responding to IT audits (FFIEC manual).
  • Experience developing strategic program roadmaps from start to finish.
  • Strong analytical and problem solving skills.
  • Expert experience with report visualization (Excel, PowerPoint, Tableau, Power BI, etc.).
  • Excellent communication skills.
  • Strong organizational and facilitation skills.
  • Ability to work autonomously, under pressure and with prioritization of tasks.

Preferred requirements

  • CISSP, CISM or other information security certifications.
  • Experience with computer languages (SQL, Query, Python, etc.).
  • Extensive knowledge of business process management.
  • Experience with KRIs/KPIs and the development and communication of dashboard reports.

We offer

  • Salary range: $114,700 - $194,900 USD.
  • Comprehensive benefits package, including:
    • Pension benefits (401(k) and pension).
    • Health and social benefits (health, dental, vision, life and accident insurance, accounts and disability).
    • Paid vacation.
    • Parental and care leave.
  • Discretionary bonus program, which may include an equity component.

Working environment

  • Flexible and collaborative working environment.

© 2025 House of Skills by skillaware. All rights reserved.