Hello Professionals
This is Meba Laitstep from NYC IT Inc. I am writing to you regarding the Information Security Risk Compliance Manager position.
I have included the job description below for your review. Please let me know if you are interested and send me your most up-to-date resume, including your expected hourly rate and your work authorization.
As this is an urgent business requirement, we would greatly appreciate your prompt response.
Position Details:
Job title: Information Security Risk Compliance Manager
Only GC/US Citizen
Only Local to NY/NJ
**Only candidates that are willing to go onsite in NYC**
The Information Security Risk Compliance Manager will report to the Chief Information Security Officer within the Division of Office for the Commissioner, Office of Information Technology (OIT). The unit is comprised of a Chief Information Security Officer and senior- and junior-level security architecture positions.
Scope of Work Objectives: The Information Security Risk Compliance Manager oversees the organization's efforts in:
Risk assessment
Risk mitigation
Compliance management
Security governance
Incident response
Vendor risk management
Security awareness and training
Security audits and assessments
Reporting and communication
Continual improvement
Cross-functional collaboration
Their role is to ensure that the organization's systems, networks, and processes are secure, compliant with regulations and standards, and aligned with organizational goals and objectives.
Responsibilities:
Conduct risk assessments to identify potential threats and vulnerabilities to the organization.
Develop and implement risk management strategies and policies to mitigate identified risks.
Monitor and evaluate risk exposure across various departments and business units.
Coordinate with stakeholders to ensure compliance with regulatory requirements and industry standards.
Communicate risk management strategies and findings to senior management and relevant stakeholders.
Lead the development and maintenance of the organization's risk register and risk management framework.
Provide guidance and support to departments and teams in implementing risk mitigation measures.
Conduct training and awareness programs on risk management principles and practices.
Continuously monitor and review the effectiveness of risk management strategies and adjust as necessary.
Stay updated on emerging risks and industry trends to proactively address potential threats to the organization.
Maintain and enhance the company-wide security awareness program.
Take ownership of establishing and enforcing security standards, both within the team and across the organization. Work proactively and collaboratively to achieve change management and buy-in.
Deliverables:
Compliance Management: Ensure compliance with relevant regulations, standards, and frameworks such as GDPR, HIPAA, ISO 27001, NIST, etc., by establishing and maintaining appropriate controls and processes.
Risk Mitigation: Develop and oversee risk mitigation strategies and controls to address identified security risks, including implementing technical controls, security best practices, and security awareness training programs.
Incident Response: Develop and implement incident response plans and procedures to effectively respond to and manage security incidents, including data breaches, cyberattacks, and security breaches.
Vendor Risk Management: Assess and manage risks associated with third-party vendors and service providers, including evaluating their security posture, conducting due diligence assessments, and ensuring contractual compliance.
Cross-functional Collaboration: Collaborate with IT teams, legal, HR, compliance, and other departments to ensure a holistic approach to information security risk management and compliance.
Continual Improvement: Monitor industry trends, emerging threats, and regulatory changes to ensure that the organization's information security risk and compliance programs remain up-to-date and effective.
Preferred Skills:
Excellent verbal and written communication skills.
Ability to work both independently and as part of a team.
Knowledge of networking (firewalls, networking protocols)
Working knowledge of frameworks
Working knowledge of Information Security Domains
Working knowledge of security protocols
Working knowledge of cloud computing
Required Qualifications:
Strong verbal and written communication; able to translate complex risk topics for technical and non-technical audiences.
Demonstrated ability to work independently and collaboratively across cross-functional teams.
Working knowledge of:
  - Information security domains (e.g., IAM, vulnerability management, data protection, incident response).
  - Frameworks/standards (NIST, ISO/IEC 27001; familiarity with HIPAA, GDPR).
  - Security protocols and networking (firewalls, networking protocols).
  - Cloud computing concepts and shared responsibility (AWS/Azure/GCP).