Manager, Corporate Governance, Risk, and Compliance

Summary

Join GuidePoint Security as a Manager of the corporate Governance, Risk, and Compliance (GRC) team. Lead a team of four Information Security Specialists, executing the internal GRC strategy while ensuring alignment with business objectives and regulations. Develop and maintain enterprise information security policies, standards, and procedures, and deliver associated training. Establish and maintain security risk metrics, manage internal and external Privacy standards, and contribute to the company’s Business Resilience Strategy. Perform security and privacy reviews for contracts and RFPs, conduct risk assessments, and support internal and external audits. Ensure GuidePoint’s Suppliers align with required controls and standards. This role requires strong communication, organizational, and cross-functional collaboration skills.

Requirements

• Undergraduate degree in cybersecurity/computer science and five years of work experience or eight or more years of work experience in Information Security
• At least 3 years’ experience in a managerial role
• Knowledgeable about and experienced aligning security programs with regulatory requirements (e.g., CMMC, GDPR; HIPAA; NYSDFS; etc.) and industry security frameworks (e.g., NIST, ISO, etc.)
• Previous experience with security and privacy control definition, design, and implementation
• Experience with managing internal and external compliance audits and assessments
• Privacy experience including fielding Data Subject requests and performing Data Privacy Impact Assessments
• Familiarity with reviewing, developing, monitoring, testing, and implementing contingency planning measures in support of the organization’s critical functions
• Excellent communication skills and demonstrated ability to engage with stakeholders at all levels, including cross-functional collaboration experience
• Excellent organization skills, self-directed, and self-motivated

Responsibilities

• Manage and lead a team of four Information Security Specialists and the processes comprising the GRC team’s portfolio of services
• Develop, disseminate, and maintain enterprise information security policies, standards, and procedures, and deliver the associated training program to all personnel
• Establish and maintain relevant security risk metrics
• Manage internal and external Privacy standards and initiatives
• Help inform and maintain the company’s Business Resilience Strategy
• Perform security- and privacy-centric reviews for contracts, Requests for Information (RFIs), and Requests for Proposals (RFPs)
• Conduct risk assessments (e.g., enterprise annual, Commercial off the Shelf software and supplier reviews, etc.) and recommend risk mitigation strategies
• Support, facilitate and manage the response to internal and external audits and assessments of GuidePoint's security program
• Ensure GuidePoint's Suppliers align with required controls and standards through the Third-Party Risk Management process and providing subject matter expertise in crafting the security exhibit appended to suppliers’ service agreements

Preferred Qualifications

• CISA, CISM, and/or CISSP certifications
• Experience working with Jira, Confluence, Veza, BitSight (or other supplier risk management tools)

Benefits

• Group Medical Insurance options: Zero Deductible PPO Plan (GuidePoint pays 90% of the premium for employees and 70% for family plans (spouse/children/family) or High Deductible Health Plan with HSA (GuidePoint pays 100% of the employees premiums and 75% for family plans (spouse/children/family) and GPS will contribute in one lump sum: ($500 per EE annually / $1000 per family annually (includes spouse/children/family options)
• Group Dental Insurance: GuidePoint pays 100% of the premium for employees and 75% of family plans
• 12 corporate holidays and a Flexible Time Off (FTO) program
• Healthy mobile phone and home internet allowance
• Eligibility for retirement plan after 2 months at open enrollment
• Pet Benefit Option
• Remote workforce primarily (U.S. based only, some travel may be required for certain positions, working on-site may be required for Federal positions)