Security GRC 2LoD

Job Overview:

The Security GRC (Governance, Risk, and Compliance) 2nd Line of Defense (2LoD) role is crucial in maintaining and enhancing the organizations security posture by effectively managing risks, ensuring compliance with applicable regulations, and supporting the overall governance framework. The role involves monitoring risk remediation efforts, providing expert guidance, and supporting the first line of defense (1LoD) in achieving security objectives.

Key Responsibilities:

Risk Management:

- Monitor risk remediation activities exceeding the risk appetite.

- Develop and implement risk mitigation strategies and action plans.

- Report to boards and working groups on a regular basis, providing advice and resolving conflicting goals

Compliance & Assurance Management:

- Stay abreast of relevant laws, regulations, and industry standards affecting the organization. - Ensure compliance with regulatory requirements.

- Monitor control implementation & effectiveness. Track control attestations and exceptions Evaluating the implementation and effectiveness of a control.

- Participate in security incident investigations, documenting findings, and recommending corrective actions.

Metrics and reporting:

- Support Intl GRC management and entity management reporting needs.

- Analyze security metrics data to identify trends, patterns, and anomalies that may indicate areas of concern or opportunities for improvement.

Resilience

- Report to management on overall Resilience status as measured against risk appetite/tolerance.

Security Outsourcing

- Coordinate with 1LOD to assess/monitor SLA performance for outsourced security services, and report back on root cause for non compliance.

Other responsibilities:

- Maintain runbooks/SOPs for 2LOD support.

- Actively collaborate with 1LOD to streamline processes.

- Participate in team meetings and other project support meetings actively.

- Identify and recommend opportunities to improve current processes.

- Maintain strict compliance with CB IT and Security policies and procedures

Qualifications:

Bachelors degree in Computer Science or a related field.

Alternatively, candidates with a minimum of 5-10 years of relevant experience in IT and Security Program Management, particularly with a focus on managing enterprise-scale projects and remote personnel, may be considered. Proficiency in project management methodologies, information security best practices, and relevant technical skills is essential. PMP or similar certifications are a plus.

Other Experience with program lifecycles, scheduling, budgeting, risk management, and conflict resolution techniques.

6+ years of experience in Project Management, Program Management or a similar field.

3+ years of experience supporting security engineering, regulatory compliance, risk management, audit, or other applicable programs/projects.

Self-motivated and able to work with minimal supervision across time zones and geographies