Senior Director - Information Security Governance, Risk & Compliance (GRC) - Remote
Posted : Friday, June 07, 2024 07:22 PM
(https://ryder.com/job-applicant-privacy-policy)
Summary
The Senior Director IS Gov Risk & Compliance is a member of the Information Security leadership team and reports to the Chief Information Security Officer.
The GRC director is responsible for establishing and maintaining the company’s overall IT and security GRC program, as well as for developing and managing a global, enterprise-wide information GRC program.
The role includes implementation and maintenance of policies, as well as a comprehensive controls framework with global third-party risk management.
The GRC director ensures the company’s technical systems and information assets are protected.
Furthermore, the GRC director is responsible for identifying, evaluating, and reporting on information security risks that are important for the business to be aware of and act on accordingly.
The GRC director works in tandem with security leadership to elevate the company’s security posture.
To be successful, the director of GRC must be able to influence and lead the GRC security strategy of the business within new and existing information system capabilities.
The position requires a diverse background to understand a variety of systems, including new technologies and legacy systems considered business critical.
Essential Functions
Develop and implement a comprehensive IT Governance, Risk, and Compliance strategy, emphasizing privacy, security, business resiliency, and compliance frameworks.
Maintain knowledge on regulatory, privacy, and security industry best practices, and effectively communicate GRC controls across the organization.
Lead a technology risk steering committee, identifying, assessing, and curating technology risks, and guiding strategic technology and budgetary directives.
Oversee protection of information through data classification, loss prevention, and records retention enforcement.
Manage strategy for security audits, compliance checks, and external assessments, aligning with industry standards like HIPAA, GDPR, SOX, CCPA, etc.
Lead organization-wide risk analysis and security maturation programs to uphold and enhance the GRC framework.
Direct GRC team efforts in documenting, enforcing security improvements, and ensuring controls balance risk with business efficiency and innovation.
Act as a primary contact for risk awareness, vendor risk assessment processes, and ensuring compliance across business units.
Liaise with internal and external auditors, provide disaster recovery leadership, and inspire cybersecurity adoption across business units.
Additional Responsibilities
Partner with business units when onboarding solutions to ensure adequate controls are available and enabled in production.
Perform additional duties as necessary, supporting the CISO, management team, and executive leadership.
Skills and Abilities
Demonstrated leadership experience and thorough understanding of various regulatory requirements and laws such as, but not limited to, PCI, SOX, HIPAA, HITRUST, GDPR and GLBA, required.
Proven project leadership with both legacy and emerging technologies to assess and manage business risk and enforce security controls required.
Proven understanding of business focus and processes, and ability to inject cybersecurity into the business through teamwork and influence required.
High level of integrity and trustworthiness, as well as confidence to represent the company and security leadership with the highest level of professionalism required.
Demonstrated project management, multitasking and organizational skills, advanced, required.
Knowledge in conducting business continuity tabletop exercises, advanced, required.
Knowledge of industry accepted risk management frameworks and standards such as the NIST Risk Management Framework (RMF), NIST Privacy Framework, etc., advanced, required.
Knowledge of industry accepted Information Security frameworks and standards such as the NIST Cybersecurity Framework (CSF), ISO27001, NIST 800 Series, etc., advanced, required.
Qualifications
Bachelor's degree in computer science, information assurance, MIS or related field, or equivalent required.
Master's degree in information assurance and/or technology, preferred.
10 years or more experience in cybersecurity in one or more roles, including security analyst, compliance and regulations, risk management or audit, required.
5 years or more experience managing global, distributed risk and/or compliance teams, required.
2 years or more experience in Amazon Web Services (AWS), Google Cloud Platform (GCP) and/or Microsoft Azure cloud computing security configuration and management, preferred.
Certified in Risk and Information Systems Control (CRISC) within 1 year required.
The ability to obtain any one or more of the following certifications within 1 year required.
Certified Information Security Manager (CISM) within 1 year required.
Certified Information Systems Auditor (CISA) within 1 year required.
Certified Information Systems Security Professional (CISSP) within 1 year required.
GIAC Security Leadership (GLC) within 1 year required.
Travel: 10-20%
Applicants from California, Colorado, Hawaii, New Jersey, New York City, and Washington: Salary is determined based on internal equity; internal salary ranges; market data/ranges; applicant’s skills; prior relevant experience; certain degrees or certifications, etc.
The salary for this position ranges from $150,000.00 to $180,000.00.
Employees may also be eligible to receive an annual bonus, as applicable.
Ryder offers comprehensive health and welfare benefits, to include medical, prescription, dental, vision, life insurance and disability insurance options, as well as paid time off for vacation, illness, bereavement, family and parental leave, and a tax advantaged 401(k) retirement savings plan.
Job Category: Information Security
Ryder is proud to be an Equal Opportunity Employer and Drug Free workplace.
All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, sex, sexual orientation, gender identity, age, status as a protected veteran, among other things, or status as a qualified individual with disability.
(https://ryder.com/job-applicant-privacy-policy)
Current Employees: If you are a current employee at Ryder (not a Contractor or temporary employee through a staffing agency), please click here (https://wd5.myworkday.com/ryder/d/task/1422$3.htmld) to log in to Workday to apply using the internal application process.
• Phone : NA
• Location : Bismarck, ND
• Post ID: 9119551447