Cyber Risk and Compliance Manager
Jersey City, NJ 
Posted 13 days ago
Job Description

The Cyber Risk and Compliance Manager will execute responsibilities within the Governance and Risk Management remit, including managing the ISO 27001, FedRAMP and SOC 2 Compliance programs, supporting the implementation of internal and external assessments, and managing the full lifecycle of compliance audits and third party risk reviews.

What You'll Do:

  • Manage risk assessments, validation testing, compliance reviews, and audits in accordance with NIST standards.
  • Maintain and monitor the central repository for audit evidence and risk findings.
  • Collaborate with process owners, external auditors, and other stakeholders in reviewing, monitoring, and resolving findings.
  • Develop security training and awareness campaign materials and coordinate approval across the organization's business functions, e.g., HR, Legal, Compliance.
  • Manage the policy, standards and policy exceptions management process and coordinate approval and updates with the Information Security Governing body. Involve relevant parties for security risk and compliance issues that span legal, compliance and regulatory requirements.
  • Work with other stakeholders to link corporate IT, product, infrastructure, and privacy departments with GRC objectives.
  • Assist business units by responding to client inquiries regarding ongoing operational compliance.
  • Monitor the effectiveness of the Security Risk Management and Third Party Management functions, including assessing the level and quality of service provided by professional services, including Software Security and Security Controls Assessment services.
  • Proactively seek out areas for improvement and offer insightful advice and value-added guidance on process and control enhancements.

What You Need:

  • Bachelor's degree in Computer Science, Information Security, or related field.
  • 5+ years of experience working in Information Security Governance, Risk, and Compliance.
  • Understanding and technical knowledge of key Information Security Governance concepts, including but not limited to, security training and awareness, policy management, metrics, and data protection.
  • Understanding and technical knowledge of key Risk Management concepts, including but not limited to, security risk management, information security consulting, third party management, software security, and security architecture.
  • Demonstrably strong management skills and the ability to develop, mentor and coach others.
  • Ability to develop information security governance operating plans consistent with the strategy and vision of the organization.
  • Ability to delegate work to team members and provide clear and effective guidance on implementation of processes.
  • Strong written and oral executive communication, including up to the C-level.
  • Strong technical understanding of enterprise computing solutions including cloud hosting, SaaS models and oversight responsibilities.

We're an amazing place to work. Why?

  • Discretionary Time Off for all employees, with no maximum limits on time off.
  • Industry leading health, vision, and dental benefits.
  • Competitive compensation package.
  • 16 weeks of fully paid parental leave.
  • Flexible, hybrid approach to working from home and in the office where applicable.
  • Focus on wellness and employee health through stipends and dedicated wellness programming.
  • Purposeful career development programs with reimbursement provided for educational certifications.

Our Commitment to Diversity & Inclusion

At Exiger, we know our people are the core of our excellence. The collective sum of the individual differences, life experiences, knowledge, inventiveness, innovation, self-expression, unique capabilities, and talent that our employees invest in their work represents a significant part of not only our culture, but our reputation and what we have been able to achieve as a global organization.

We embrace and encourage our employees' differences in age, color, disability, ethnicity, family or marital status, gender identity or expression, language, national origin, physical and mental ability, political affiliation, race, religion, sexual orientation, socio-economic status, veteran status, and other characteristics that make our employees unique. These unique characteristics come together to form the fabric of our organization and our culture, and enhance our ability to serve our customers while helping them to solve their business issues. All qualified candidates will be considered in accordance with this policy.

At Exiger we believe we all have a responsibility to treat others with dignity and respect at all times. All employees are expected to exhibit conduct that reflects our global commitment to diversity and inclusion in any environment while acting on behalf of, and representing, Exiger.

Exiger is revolutionizing the way corporations, government agencies and banks manage risk and compliance with a combination of technology-enabled and SaaS solutions. In recognition of the growing volume and complexity of data and regulation, Exiger is committed to creating a more sustainable risk and compliance environment through its holistic and innovative approach to problem solving. Exiger's mission to make the world a safer place to do business drives its award-winning AI technology platform, DDIQ, built to anticipate the market's most pressing needs related to evolving ESG, cyber, financial crime, third-party and supply chain risk. Exiger has won 30+ AI, RegTech and Supply Chain partner awards.

Exiger's core values are courage, excellence, expertise, innovation, integrity, teamwork and trust.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.

 

Job Summary
Company
Start Date
As soon as possible
Employment Term and Type
Regular, Full Time
Required Education
Bachelor's Degree
Required Experience
5+ years