Cybersecurity Governance, Risk, & Compliance Manager
EagleView Technologies | Engineering | Rochester, NY
The Cybersecurity Governance, Risk, & Compliance Specialist position is responsible for managing risks related to information security, privacy, governance, vendor security assurance, policy, and compliance. Contributes to preserving the high standards of confidentiality, integrity, and availability of EagleView mission-critical information. Conducts Cybersecurity risk assessments, evaluates controls, and provides feedback to management and process owners on the design and effectiveness of control processes. Implements and maintains on-going programs and processes to test the design and operational effectiveness of security controls. Responsible for ensuring IT assurance and compliance related activities are completed in accordance with industry standards and regulatory requirements. The position reports to the Director of Cybersecurity and is responsible for managing the key functions of information risk management, data protection compliance, governance, and information security assurance.
- Ensure compliance with laws, regulations, and industry standards (e.g. PCI, ITAR, ISO 27001:2013, NIST 800-X).
- Create processes to support effective risk identification, evaluation, communication, and remediation.
- Assist Legal, Engineering, and Sales with customer and vendor contractual negotiations related to security and data privacy obligations.
- Analyzes controls for adequacy of design and performs and/or supports control assurance testing activities.
- Contribute to corporate information risk management strategy, policies, standards, and tactical plans.
- Contributes to a comprehensive internal security audit program that validates existing ISO 27001/NIST security controls.
- Contribute to the company-wide security awareness program and compliance training.
- Coordinate annual enterprise risk assessment and PCI-self assessment activities.
- Ensure all systems, processes, and changes are formally documented.
- Works closely with internal and external auditors, regulators, and examiners, including coordination and compilation of technology documentation requests, reports, and assurance letters to ensure security compliance.
- Maintains the Risk Register.
- Ability to work collaboratively with internal and external departments, vendors, and other key stakeholders.
- Excellent written and verbal communication skills.
- Ability to work independently; self-starter.
- Previous experience in a software development company is preferred.
- Understanding of controls and risks sufficient to identify and evaluate control effectiveness and identify gaps between risks and controls.
- Working knowledge of federal and state data protection laws, e.g., PCI-DSS, Breach Notification Laws, etc.
- Working knowledge of business and risk assessment methodologies/ mitigation strategies using industry standards, e.g., COBIT, ITIL, ISO 27001:2013, NIST, OWASP, etc.
- Critical thinking and analytical ability.
- Excellent verbal and written communication skills.
- Ability to react to high-pressure dynamically changing environments.
- Bachelor degree in a technology or business-related field (BSc or BBA preferred).
- 5 years previous experience in Information Security, Risk Management, or IT audit.
- 5 years of project management experience.
- Certification such as SANS GIAC, CISA, or CISSP preferred.
EagleView® offers competitive pay and robust benefit plans along with the opportunity to grow your career in a fast-paced, fun and casual environment.
EagleView and its subsidiaries are committed to leveraging the talent of a diverse workforce to create great opportunities for our business and our people. EOE/AA. Minority/Female/Disability/Veteran.