Senior Manager, Controls & Standards Governance
Responsible for Control library, Cybersecurity controls assessments and Standards Governance.
- Lead the oversight of the Cybersecurity controls environment
- Lead the development and governance of the Cybersecurity standards
- Roll out the GRC Cybersecurity controls framework while balancing the approach with end user experience and compliance to NIST FSSCC.
- Working with Control Owners in partnership with other Cybersecurity and Technology stakeholders, evaluate and perform an end-to-end analysis of standards and the controls library, identify significant gaps and weaknesses, and determine the root cause of control deficiencies.
- Develop creative and innovative solutions to manage risk, ensuring that controls and metrics are properly designed, operating effectively, and essential to a proactive risk and control culture that leverages proven evaluation strategies and sound change management protocols.
- Engage collaboratively with Control Owners, regardless of geographic location, providing support across Cybersecurity.
- Update controls and their associated standards and metrics, and be a proactive adviser across the three lines of defence, identifying Cybersecurity risk issues and recommending solutions.
- Monitor the health of the controls library with respect to technical and operational processes.
- Be a part of a team providing independent review of design and control effectiveness.
- Ongoing and periodic risk and control assessment cycles and reporting
- A fit-for-purpose Cybersecurity Controls Library using key risk metrics, indicators and industry standards.
- This will be a high-profile role responsible for supporting audit and assurance engagements.
- Understanding and working knowledge of control frameworks based on industry best practices such as NIST, COBIT, and ISO27001.
- Cyber security qualification e.g. CISSP / CISM (desirable)
- Degree in Cyber, Information Security or IT management
- Demonstrable working knowledge and understanding of key cyber security controls such as Vulnerability Management, Identity & Access Management, Authentication and Authorisation systems, Data Protection, Application Security, Secure Application Development practices, Third-Party and Cloud security.
- IT and cybersecurity policies and standards
- Operational risk frameworks
- Regulatory compliance
- Technology resiliency
Leadership and management experience
- Experienced leader with 10+ years’ experience in a regulated environment with risks, controls and metrics within Technology environments.
To apply for this job please visit www.cybersecurityjobsite.com.