Posted:
11/8/2024, 2:54:01 PM
Location(s):
New York, United States ⋅ City of Poughkeepsie, New York, United States
Experience Level(s):
Senior
Field(s):
IT & Security
Benefits:
Competitive compensation
Medical, Dental, and Vision insurance
401(k) Retirement Savings Plan with substantial company match
Life and Travel Insurance
Tuition Assistance
Wellness Reimbursement Program
Paid Holidays and Vacation
What is a Manager - Cybersecurity Governance, Risk, & Compliance (GRC) & Data Privacy?
The Cybersecurity GRC & Data Privacy Manager is responsible for ensuring the organization complies with relevant regulatory, privacy, and security frameworks. This role oversees governance, risk management, and compliance (GRC) activities, while also ensuring data privacy policies and practices align with industry standards and legal requirements. The manager will collaborate across departments to identify risks, implement security controls, and foster a culture of compliance.
What does a Manager - Cybersecurity GRC & Data Privacy do?
The Cybersecurity GRC & Data Privacy Manager is responsible for the following:
Overall:
Aides in the development of the Cybersecurity roadmap and strategy
Responsible for the cybersecurity risk register
Responsible for GRC & data privacy programs, roadmaps, and operations
Responsible for creation, maintenance, and roadmap for all cybersecurity policies and process library
Responsible for records and information management
Responsible for SOX controls and audits
Communicates and ensures information security programs, and other assigned frameworks are in compliance with regulatory applicable laws, policies, organizational security policies and standards.
Lead efforts to establish and implement integrated cyber security and risk management solutions.
Aligns cyber strategies with the strategic direction of the organization.
Develop and monitor a strategic, comprehensive cyber security and risk management program (including strategy, policies, standards, processes, and guidelines) to ensure the integrity and confidentiality of information owned, controlled or processed by the organization.
Lead cross-functional teams to enhance the organization’s security posture and ensure compliance with legal and regulatory standards
Act as a point of contact for regulatory authorities and external stakeholders on cybersecurity and data privacy matters
Collaborate with IT, legal, and business units to ensure proper implementation of security controls and data privacy measures
Stay up to date on global data privacy regulations and GRC strategies and ensure the organization adapts to changes
Provides storm/emergency response support
Governance, Risk, and Compliance:
Develop, implement, and maintain GRC policies and programs, ensuring compliance with regulations (e.g., ISO 27001, NIST, NERC, GDPR)
Establishes information security baseline and advances information security maturity model (e.g. C2M2, NIST)
Conduct risk assessments to identify security gaps and vulnerabilities across the organization
Establish and enforce security frameworks, standards, and best practices
Collaborate with business units to ensure adherence to cybersecurity policies and practices
Oversee third-party risk management, ensuring vendors comply with security and privacy requirements
Lead audits (internal and external) and manage the remediation of non-compliant findings
Responsible for overall compliance of Cybersecurity program, remediation of assessment findings, and risk reduction strategy
Responsible for the cybersecurity risk register
Track and report on key cybersecurity and compliance metrics for executive leadership.
Data Privacy:
Oversee the development and implementation of data privacy policies and procedures to ensure compliance with relevant data protection laws
Ensure the proper handling of personal data and responding to data subject requests
Manage data privacy risk assessments and data protection impact assessments
Provide guidance on data privacy issues related to new projects, technologies, and partnerships
What does it take to be a Manager - Cybersecurity GRC & Data Privacy?
Required:
Bachelor’s degree in Cybersecurity, Computer Science, Information Technology or related field of study and 5 years of experience in Cybersecurity, GRC, data privacy or related. In lieu of a bachelor’s degree, an associate’s degree in the forementioned fields with 7 years of related experience or a high school diploma or equivalency degree and 9 years of related experience will be considered
Proven leadership, facilitation, and organizational skills with at least 3 years of experience in a leadership role
Proven experience in cybersecurity management with a focus on risk management and compliance
Proven experience with industry standards & frameworks such as NIST, ISO, GDPR, etc.
Proven experience with cybersecurity incident response
Proven experience with creating and maintaining external and internal relationships with key stake holders
Strong understanding of cybersecurity frameworks, standards, and best practices
Excellent knowledge of risk assessment strategies
Excellent communication skills, with the ability to collaborate effectively with diverse teams
Analytical mindset with the ability to assess complex situations and make informed decisions
Proven ability to present at all levels of the organization
A strong background with an understanding of the intersection between business and cybersecurity to improve security practices
Ability to influence business decision-making by providing quantitative/qualitative data analytics, metrics, and analysis
A results-oriented mindset with the ability to solve problems and make decisions
Ability to work with limited direct supervision and professionally respond to constructive feedback
Valid driver’s license
Preferred:
Experience working with global regulatory frameworks
Familiarity with emerging technologies and their impact on data privacy and security
Experience in Energy & Utilities or services industry
Experience with Microsoft PowerBI
Experience with data visualization tools
Relevant certifications such as CISSP, CISM, CRISC, CIPP, CIPM or comparable
Pay range: $136,800-211,900
Please go to https://www.cenhud.com/employment. Click the “Search Career Opportunities” button. Follow the directions to submit an application and upload your resume for the desired position.
Applications sent via e-mail and US Mail will not be accepted. No phone calls or agencies, please. All replies will be held in strict confidence.
All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of race, creed, color, ethnicity, arrest or conviction record, religion, sex, sexual orientation, gender identity or expression, national origin, age, disability, citizenship, genetic information, familial status, marital status, pregnancy-related condition, domestic violence victim status, veteran or military status, or any other characteristic protected by federal, state or local laws. Central Hudson Gas & Electric Corporation takes affirmative action in support of its policy to employ and advance in employment individuals who are minorities, women, protected veterans, and individuals with disabilities.
VEVRAA FEDERAL CONTRACTOR
Website: https://regionalhelpwanted.com/
Headquarter Location: Central Valley, New York, United States
Employee Count: 251-500
Year Founded: 1999
IPO Status: Private
Industries: Local ⋅ Online Portals ⋅ Recruiting