Pontera is on a lookout for a GRC Specialist- A temporary position- Replacement employment during maternity leave. Reporting to the Chief Information Security Officer, the Governance, Risk, and Compliance (GRC) Specialist will help run the company GRC program covering the security policy, risk management process, and compliance with standards and regulations such as ISO27001, SOC 2, and applicable Privacy regulations.

* Option for 80% to 100% employment

RESPONSIBILITIES

• Lead a service-oriented and a customer engagement driven GRC operational function
• Operationalize various GRC capabilities such as (i) company security risk management, (ii) compliance management, (iii) policy management, (iv) security training, (v) third party risk management, and (vi) assuring our customers we meet the highest security standards as expected
• Lead the operationalization of security compliance programs to support various compliance regulations
• Perform risk assessments that address security threats, changes to systems and/or applications, process improvement initiatives, supplier assessments (including downstream outsourcers) and other requests from the business
• Work with various operational and business teams to drive toward a cohesive view of security risk and drive remediation items to closure. Maintain accurate reporting of remediation activities to bring appropriate visibility to stakeholders
• Monitor the security risk profiles of our suppliers to objectively determine high risk suppliers that require additional review
• Establish and maintain security metrics and reporting
• Respond to customer security/compliance questionnaires
• Act as security risk management ambassador to internal customers
• Development of actionable and agile security compliance programs to support various compliance regulations
• Implement and operate advanced, automated and AI based solutions for Compliance management and Third-Party Security Management
• The use of defined risk methodologies and best practices to perform IT/Security assessments. Responsible for the planning, scoping, and execution of these assessments
• Driving remediation activities from identification, remediation plan and closure. Hold owners accountable to delivery of remediation solutions within the agreed upon/reasonable SLA
• Operationalization of a metrics and reporting function to continually report on meaningful security, risk and compliance metrics for operational and executive management. Develop and manage the automation of KRIs and KPI reporting that align with operational/business risk areas and corporate risk

REQUIREMENTS

• 3+ years experience working in governance, risk, and compliance and/or information security and risk management
• Functional knowledge of the CISSP security domains and information security industry standard and best practices
• Functional knowledge of applicable security regulatory requirements (CCPA, GDPR)
• Functional knowledge of ISMS governance models (i. e. ISO 27001, NIST, CAIQ), information security roles, security controls
• Functional knowledge of common security certifications (i. e. ISO 27001, SOC1, SOC2) and ability to glean significance from findings identified in these reports
• Ability to communicate risk methodologies and concepts to the business units and R&D
• Demonstrated experience with controls definition, development, implementation, and assessment
• Strong interpersonal skills and ability to work effectively with diverse and distributed teams
• Strong attention to detail, project management and organizational skills