The Cyber Risk and Compliance Manager will execute responsibilities within the Governance and Risk Management remit, including managing the ISO 27001, FedRAMP and SOC 2 Compliance programs, supporting the implementation of internal and external assessments, and managing the full lifecycle of compliance audits and third party risk reviews.

What You’ll Do:

• Manage risk assessments, validation testing, compliance reviews, and audits in accordance with NIST standards.
• Maintain and monitor the central repository for audit evidence and risk findings.
• Collaborate with process owners, external auditors, and other stakeholders in reviewing, monitoring, and resolving findings.
• Develop security training and awareness campaign materials and coordinates approval across the organization’s business functions, i.e., HR, Legal, Compliance.
• Manage the policy, standards and policy exceptions management process and coordinates approval and updates with Information Security Governing body. Involve relevant parties for security risk and compliance issues that span legal, compliance and regulatory requirements.
• Work with other stakeholders to link corporate IT, product, infrastructure, and privacy departments with GRC objectives.
• Assist business units by responding to client inquiries regarding ongoing operational compliance.
• Monitor the effectiveness of the Security Risk Management and Third Party Management functions, including assessing the level and quality of service provided by professional services, including Software Security and Security Controls Assessment services.
• Proactively seek out areas for improvement and offers insightful advice and value-added guidance on process and control enhancements.

What You Need:

• Bachelor’s degree in Computer Science, Information Security, or related field.
• 5+ years of experience working in Information Security Governance, Risk, and Compliance.
• Understanding and technical knowledge of key Information Security Governance concepts, including but not limited to, security training and awareness, policy management, metrics, and data protection.
• Understanding and technical knowledge of key Risk Management concepts, including but not limited to, security risk management, information security consulting, third party management, software security, and security architecture.
• Demonstrable strong management skills, the ability to develop, mentor and coach others.
• Ability to develop information security governance operating plans consistent with the strategy and vision of the organization.
• Ability to delegate work to team members and provide clear and effective guidance on implementation of processes.
• Strong written and oral executive communication, including up to the C-level.
• Strong technical understanding of enterprise computing solutions including cloud hosting, SaaS models and oversight responsibilities.

We’re an amazing place to work. Why? 

• Discretionary Time Off for all employees, with no maximum limits on time off.
• Industry leading health, vision, and dental benefits.
• Competitive compensation package.
• 16 weeks of fully paid parental leave.
• Flexible, hybrid approach to working from home and in the office where applicable.
• Focus on wellness and employee health through stipends and dedicated wellness programming.
• Purposeful career development programs with reimbursement provided for educational certifications.

Our Commitment to Diversity & Inclusion 

At Exiger, we know our people are the core of our excellence. The collective sum of the

individual differences, life experiences, knowledge, inventiveness, innovation, self-expression, unique capabilities, and talent that our employees invest in their work

represent a significant part of not only our culture, but our reputation and what we have

been able to achieve as a global organization.

We embrace and encourage our employees’ differences in age, color, disability,

ethnicity, family or marital status, gender identity or expression, language, national

origin, physical and mental ability, political affiliation, race, religion, sexual orientation,

socio-economic status, veteran status, and other characteristics that make our

employees unique. These unique characteristics come together to form the fabric of

our organization and our culture, and enhance our ability to serve our customers while

helping them to solve their business issues. All qualified candidates will be considered in accordance with this policy.

At Exiger we believe we all have a responsibility to treat others with dignity and respect

at all times. All employees are expected to exhibit conduct that reflects our global

commitment to diversity and inclusion in any environment while acting on behalf of, and

representing, Exiger.

#LI - Hybrid