GRC Associate- Programs and Strategy

This range is provided by Hamlyn Williams. Your actual pay will be based on your skills and experience — talk with your recruiter to learn more.

$90,000.00/yr - $92,000.00/yr

Direct message the job poster from Hamlyn Williams

Job Title: Chief Information Security Office-Strategy, Programs & GRC Associate

Location: US-NY-New York-4X a week on site

Overview:

This incumbent will provide Strategy, Programs, Governance, Risk and Compliance functions as required to fulfill the banks Information Security Program requirements. This incumbent will provide Strategy Coordination, CISO Projects Management, Training & Culture, Metrics & Reporting, Governance, Risk Assessments and Compliance, Data Privacy functions as detailed below.

• Coordinate Information Security strategy in alignment with the the banks branch strategy

• Maintain strategic initiatives tracking and associated KRIs to track progress and execution of the objectives

• Conduct quarterly strategy reviews with the CISO team to ensure alignment and momentum continue Adjust strategy as necessary

• Provide end-to-end project management function for all CISO led projects

Programs

• Manage all CISO programs, including but not limited to:

o Information Security Program

o Training & Culture Program

Security Training

Phishing Campaigns

o Data Privacy Program

Governance

• Establish and maintain Information Security policies and procedures

• Ensure CISO roles and responsibilities are clearly delineated and documented to ensure efficiency, create synergies and ensure TISR is being properly managed across first and second lines

• Periodically refresh and update TISR controls guidance in relevant policies and supporting procedures with detailed implementation guidance

• Develop, monitor, and track CISO policy adherence measures and metrics

• Provide all administrative functions for the Information Security Committee and all its sub-committees

Risk

• Establish and enhance a TISR framework that consists of the appropriate components to effectively manage TISR

• Conduct risk assessments of TISR for Projects, Third-Party, New Activities and Applications

• Develop and execute an TISR annual work plan of risk identification, assessment, and control evaluation and testing activities

• Review and contribute to the development and maintenance of the taxonomy for Risk, Process and Controls for TISR domains

• Catalog and oversee remediation of TISR issues include those arising from Audit and Regulatory exams, ITRM deep dives, root cause analyses and control testing

• Track observed control gaps and root causes and annually refresh CISO policy and procedures to reflect new and enhanced controls

Compliance

• Prepare and submit Audit Requests for evidence

• Anticipate audit requests and prepare comprehensive approach to for CISO policy and standards and associated implementation

• Prepare response evidence for IT/IS related regulatory exams

• Recommend changes to policy, process or procedures to align with OCC and other federal guidelines and regulations

• Evaluate and provide evidence of compliance for the Banks Branch

• Liaison with LCD/RAO/IAD to ensure collaboration and partnership so that CISO can meet regulatory IT/IS requirements

Data Privacy

• Develop and implement strategies to ensure compliance with relevant privacy laws and regulations

• Stay up-to-date with changes in data privacy legislation and industry best practices

• Assist in the development and maintenance of privacy policies, standards and procedures

• Provide oversight and monitoring of privacy risk assessments by the FLUs

• Ensure all relevant processes reflect privacy requirements and comply with laws and regulations

• Plan and implement privacy training programs and communications

• Identify and assess privacy risks within the organization

Qualifications:

• Bachelor’s degree in Business, Risk, Data, Computer Science, Management Information Systems, Engineering, Mathematics, or related field

• Minimum 3 years of work experience in Financial services Risk Management, Audit, IT/IS Operations, Data Privacy or other relevant functions

• Minimum 2 years of experience in developing and executing IT/IS Risk programs, projects, and policies

• Minimum 1 year of experience working with US Banking Regulations, financial industry standards, and industry standard IT/IS Risk Frameworks

• Good understanding of regulatory requirements including FFIEC, GLBA, NIST

• Knowledge of Information security and cyber security best practices

• Knowledge of systems administration such as Windows Server, Active Directory management, Firewall, UNIX system, network architectures, etc.

• Knowledge of security tools such as SIEM, DLP, XDR, EDR, Web Filter etc.

• CISSP/CRISC/ or IT related certifications preferred

• Seniority level
  Entry level

• Employment type
  Full-time

• Job function
  Information Technology
• Industries
  Staffing and Recruiting

Referrals increase your chances of interviewing at Hamlyn Williams by 2x

New York, NY $60,000.00-$110,000.00 5 days ago

New York, NY $90,000.00-$115,000.00 5 days ago

New York, NY $65,000.00-$70,000.00 1 week ago

New York, NY $39,710.00-$57,615.00 1 week ago

New York, NY $43,753.00-$81,255.00 2 weeks ago

New York City Metropolitan Area $65,000.00-$80,000.00 1 week ago

New York City Metropolitan Area $100.00-$130.00 1 day ago

New York, NY $50,000.00-$60,000.00 1 week ago

New York, NY $50,000.00-$70,000.00 6 days ago

New York, NY $34,000.00-$49,000.00 3 days ago

New York City Metropolitan Area $50,000.00-$53,000.00 6 days ago

New York City Metropolitan Area $50,000.00-$100,000.00 3 weeks ago

New York, NY $65,000.00-$70,000.00 4 hours ago

New York City Metropolitan Area $140,000.00-$190,000.00 1 week ago

New York, NY $34,467.63-$42,096.60 2 weeks ago

New York, NY $42,000.00-$47,000.00 1 week ago

New York, NY $50,000.00-$60,000.00 4 days ago

New York, NY $58,819.00-$73,523.00 4 hours ago

New York City Metropolitan Area 2 weeks ago

New York, NY $56,000.00-$69,500.00 1 week ago

Manhattan, NY $57,000.00-$70,000.00 5 days ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.