IT & Cybersecurity Risk Manager
Experience Level: Mid
The IT & Cybersecurity Risk Manager is responsible for monitoring and advising on the information technology and information security systems (collectively referred to as IT) of internal control, processes and procedures, and the overall IT control environment. This position reports directly to the VP of Information Security and will collaborate across all GLG business units. The IT Risk Manager will be embedded within our Technology functions, will be an integral contributing member in implementing new controls and processes, will review management’s remediation actions to control deficiencies, and will be the liaison with internal audit and third-party testing. The IT Risk Manager will need to understand security risks and technologies and be able to communicate them effectively to business units, bring forth risk management best practices as well as compliance mandates, and monitor deficiencies identified during assessments through to their resolution.
In this position, the IT & Cybersecurity Risk Manager will regularly review and evaluate whether the controls are properly designed and in place, participate in routine risk assessments, and report on the state of the environment through the use of Key Risk Indicators (KRI) and assessment of IT General Controls (ITGC) (e.g., system design, data privileges/access and the entire supply chain related to a business system). The results and reports are shared with internal audit and risk teams, independent committees and leadership responsible for risk oversight. The IT & Cybersecurity Risk Manager will also follow up on any known control deficiencies and verify that appropriate actions have been taken, especially when risk is excessive or when the organization is not in compliance with regulatory guidance.
Essential Job Duties
- Monitor the adequacy of the controls designed to mitigate the inherent risks in GLG’s Information Security control environment.
- Work closely with auditors, examiners, and security leadership to ensure cybersecurity and audit policies and practices, as defined in global and industry standards, are aligned with an appropriate level of risk and meet KRIs.
- Implement new policies and processes that align to GLG’s IT General Control (ITGC) strategy.
- Specify guidance on key risk indicators and ITGC testing methodology, validation and alignment with policies and documentation.
- Be actively informed and engaged in current and upcoming projects across the business.
- Encourage and enforce a strong security culture mindset set forth by risk management, ensuring uniformity across technical teams, business units and employees.
- Build and foster strong relationships with internal business units to ensure the flow of information is open and candid.
- Engage with critical third parties and validate adequate controls are in place.
- Remain up-to-date on security threats, vulnerabilities and mitigations set forth by IT and security teams to reduce the corporate attack surface.
- Document deficiencies in risk management, technology and cybersecurity practices.
- Advocate for the adoption of sound cybersecurity controls, where required or appropriate.
- Serve as a point of contact and liaison with external examiners for assessments throughout the year and at end-of-year evaluations.
- Draft and deliver presentations to management explaining assessment results and recommendations for corrective action that are operationally feasible and reasonable given the risk.
- Stay abreast of new laws, regulations and standards, and assess their impact to the business.
Skills and Experience
- At least eight (8) years IT or cybersecurity experience, with at least five (5) years in an operationally focused IT or security practitioner role.
- Expertise in one or more compliance standards, including International Standards Organization (ISO) 27001, Sarbanes-Oxley Act (SOX), National Institute of Standards and Technology (NIST) and Payment Card Industry (PCI).
- Knowledgeable about national and global cybersecurity policies, regulations and security frameworks.
- Demonstrated understanding and comprehension of a wide range of compliance and technology frameworks.
- Project management experience, multitasking and organizational skills.
- Sound judgement with the ability to assess and weigh the balance of risk vs. reward.
- Excellent written and verbal communication skills; possesses the ability to communicate across all levels of the organization.
- Ability to work with a diverse group of functional teams (Audit, Finance, Compliance, etc.) and promote enterprise-wide risk management rigor and a security-first culture.
About GLG / Gerson Lehrman Group
GLG is the world’s insight network. Our clients rely on GLG’s global team to connect with powerful insight across fields from our network of 900,000+ experts (and the hundreds of new experts we recruit every day).
We serve thousands of the world’s best businesses, from Fortune 500 corporations to leading technology companies to professional services firms and financial institutions. We connect our clients to the world’s largest and most varied source of first-hand expertise, including executives, scientists, academics, former public-sector leaders, and the foremost subject matter specialists.
GLG’s industry-leading compliance framework allows clients to learn in a structured, auditable, and transparent way, consistent with their own internal compliance obligations and the highest professional ethical standards. Our compliance standards are a major competitive differentiator and key component of the company’s culture.
To learn more, visit www.GLGinsights.com.
Gerson Lehrman Group, Inc. (“GLG”) is an equal opportunity employer and will not discriminate against any employee or applicant on the basis of age, race, religion, color, marital status, disability, gender, national origin, sexual orientation, veteran status, or any classification protected by federal, state, or local law.