Information Security Manager - GRC

G-P fosters an innovative, remote-first culture that values diversity and inclusivity. As an Information Security Manager - GRC, you will be part of a dynamic team where every individual's contributions are valued. We aim to create an environment that encourages creativity while providing the resources and flexibility necessary for you to thrive in your role.

When developing a GRC framework, I start by assessing the current security posture and identifying compliance gaps. I then reference industry standards and regulatory requirements to outline necessary policies, controls, and processes. Collaboration with cross-functional teams is essential to ensure the framework aligns with business objectives and is practical for all stakeholders.

In my previous roles, I've conducted comprehensive risk assessments by identifying potential security threats and vulnerabilities, assessing their impact, and prioritizing them based on business risk. I utilize frameworks like NIST and ISO 27001 to formalize the assessment process and produce actionable insights for management.

I have developed and executed incident response plans that outline the steps to mitigate and resolve security incidents. This process includes identifying the incident, containing the threat, eradicating it, and recovering systems. Post-incident evaluations help us learn and enhance future incident responses.

To ensure compliance with global regulations, I stay informed about regulatory changes and conduct regular audits. This includes collaboration with legal teams to ensure understanding and adherence to requirements such as GDPR, SOC2, and ISO 27001. Continuous training and awareness programs for staff also play a vital role in compliance.

My approach to vendor risk management includes conducting thorough risk assessments before onboarding vendors, ensuring they meet our security standards. I maintain ongoing relationships with vendors to assess compliance and review their security practices regularly to adapt to any changes.

I foster a culture of security awareness by implementing ongoing training programs tailored to different levels of the organization. Using real-world examples and simulations, I make security concepts relatable and encourage employees to take an active role in maintaining security practices.

A successful security audit includes thorough planning, clear communication with stakeholders, and comprehensive documentation of policies and procedures. I ensure that findings are actionable and lead to improvements while cultivating an open environment that encourages feedback about security practices across the organization.

Managing multiple security projects concurrently requires exceptional organizational skills. I prioritize tasks based on urgency and impact, often using project management tools to track progress and keep communication open with all team members involved.

I have extensive experience in compliance monitoring, which involves conducting regular audits to assess adherence to security policies and regulatory requirements. Utilizing compliance checklists aligned with standards aids in evaluating our processes and ensuring corrective actions are taken when necessary.

When disagreements arise over security policies, I focus on transparent communication and understanding differing viewpoints. I present data to support my recommendations and strive to find a consensus that aligns security needs with business goals, ensuring all stakeholders feel heard.