Dear Business Partner,

My client is looking for a *Sr. IT Governance/Risk Compliance Manager*.
Please share your consultants’ suitable resumes with me on my ID: [email protected]

Job title: Sr. IT Governance/Risk Compliance Manager
Location: Brooklyn, NY
Duration: 7 Months Contract
*In person interview is required*

Need a GRC security manager with CASB (cloud access security broker).
The type of candidates will be on Information security with GRC and Archer experience using ISO, NIST standards.

Job Description
Establish and oversee an integrated risk/threat management program through the lens of GRC (Governance Risk Compliance).
Be very experienced in Threat Management to identify Threat and Risk Intersects.
Understand Software and Data Security from a security testing perspective.
GRC Manager will be expected to perform intermediate Security Architecture and Threat mitigation duties.
Identify legal, regulatory and contractual requirements and organizational policies and standards related to information systems to determine their potential impact C.
Create and maintain an integrated Risk Register.
Assemble risk scenarios to estimate the likelihood and impact of significant events to the organization.
Analyze risk scenarios to determine their impact on business objectives.
Develop a Cloud Risk Assessment with specific policies for cloud apps.
Correlate identified risk scenarios to relevant business processes to assist in identifying risk ownership.
Develop Risk Appetite across all CITY Agencies with individual agency baselines.
Assist and co-manage with the Director of IT Risk, the full lifecycle of GRC.
Manage a Third Party GRC program to include Security Control Workflow, vendor compliance and assessment.

Mandatory Skills:
Minimum 8 years of experience managing risk compliance.
Hands-on experience with Application Security controls including design, dynamic scans, static code analysis for control flow and analysis.
Knowledge of CASB, IAP and Auditing Web Applications and Web Architecture.
Must be an Excel expert – Designing complex risk-based models and building complex formulas (some Excel programming).
Knowledge of GRC platforms that enable the build of strategic monitoring and tactical foundation elements such as an integrated repository.
Knowledge of POST/GET request and client centric technologies (Angular JS).
Knowledge of attack vectors and vulnerabilities.

Desirable:
Scripting languages – PowerShell, BASH etc.

*Best Regards,*
*David Johnson - IT Recruiter*
*MANIFEST Technology*
*Email:* *[email protected]*

--
You received this message because you are subscribed to the Google Groups "project managment" group.
