Position:

Job Description:

• Conduct comprehensive risk assessments of IT systems, applications, and business processes
• This is a strategic risk and governance role focused on planning and understanding frameworks, not a technical position.
• Maintain and contribute to risk management frameworks and methodologies
• Ensure compliance with relevant industry standards and regulations
• Identify, document, and manage risks in the risk register
• Collaborate with IT and business teams to implement risk mitigation strategies
• Monitor, assess, and report on the effectiveness of risk management controls
• Independently manage and successfully complete multiple audits as the auditee, from preparation to closure
• Assist in reviewing security incidents and their potential impact on business operation
• Monitor vulnerabilities and assist IT teams with tracking vulnerability management remediation

• Education: Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or a related field. Master's degree is a plus.
• Experience: 3-5 years in IT risk management/governance or information security with a heavy focus IT compliance.
• Heavy exposure to business processes, providing IT compliance advisory services to the business.
• Proven track record in IT risk assessments and mitigation actions.
• Demonstrated ability to independently manage multiple IT audits end-to-end as the auditee.
• Technical Knowledge: Strong understanding of IT governance frameworks (e.g., COBIT, ITIL) and risk assessment methodologies (e.g., FAIR, OCTAVE, NIST RMF).
• Compliance Expertise: Must have experience with multiple compliance frameworks, including ISO 27001 and CMMC. Familiarity with GDPR, HIPAA, PCI DSS, TISAX, DFARS-252.204-2017, FedRAMP and SOX is highly desirable.
• Tools and Technologies: Proficiency in risk management and GRC (Governance, Risk, and Compliance) platforms.
• Business Acumen: Understanding of business processes and their intersection with IT systems.
• IT Audit or Project Management experience is a plus!

• Excellent communication and presentation skills, including the ability to explain complex technical concepts to non-technical stakeholders.
• Proven ability to manage and successfully complete audits independently, demonstrating strong organizational and documentation skills.
• Strong analytical and critical thinking abilities.
• Adaptability to keep up with evolving compliance & regulatory changes, security threats, and technologies.
• Collaboration skills and ability to work in cross-functional teams.
• Effective time management, especially during busy ISO and other audit cycles.
• Strong ethical behavior and commitment to maintaining confidentiality.
• Experience working with publicly traded companies and/or firms under multiple certifications is highly valued.

• The ideal candidate is one that has worked in lockstep with various business units from an IT Risk advisory perspective.
• Candidates that have been auditees and handled end to end ISO 27001 audits from inception to closure.
• Relevant certifications (e.g., CRISC, CISM, CISSP, CISA, RMP)
• Experience with cloud security compliance and emerging technologies
• Knowledge of IoT and AI/ML security implications

• Remote work!
• Medical, Dental, Vision Insurance
• 401k, With Matching Contributions
• Paid Time Off (including sick, holiday, vacation, etc.)
• Health Savings Account (HSA)/Health Reimbursement Account (HRA) Options
• Growth Opportunities
• Short-Term/Long-Term Disability Insurance
• And more!

Actual compensation offer to candidate may vary from posted hiring range based upon geographic location, work experience, education, and/or skill level. The pay ratio between base pay and target incentive (if applicable) will be finalized at offer. 

Location:

Time Type:

Job Category:

EEO Statement:

Arrow is an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, gender, age, sexual orientation, gender identity, national origin, veteran or disability status. (Arrow EEO/AAP policy)

We anticipate this requisition will be open for a minimum of five days, though it may be open for a longer period of time. We encourage your prompt application.

In any materials you submit, you may redact or remove age-identifying information such as age, date of birth, or dates of school attendance or graduation. You will not be penalized for redacting or removing this information.