The GRC Manager is responsible for developing, implementing, and maintaining comprehensive governance, risk management, and compliance programs.
The position will work closely with stakeholders and vendors to ensure alignment with industry regulations, best practices, and organizational objectives.
Main Responsibilities
- Lead and manage Claire’s Governance, Risk, & Compliance program
- Develop and maintain information security policies, standards, and procedures aligned with industry best practices and collaborate with stakeholders as needed to do so
- Conduct and participate in risk assessments, working proactively with vendors and stakeholders to collect any necessary data
- Collaborating with stakeholders to develop and implement risk mitigation strategies and manage compliance initiatives
- Identifying and managing appropriate controls, policies, procedures, compliance metrics, monitoring, reinforcement, and enforcement activities.
- Create and deliver GRC updates to senior leaders, including : reports concerning compliance failures, breaches or incidents
- Ensure security controls are operating effectively by maintaining control documentation, performing periodic reviews, and coordinating with responsible parties to maintain compliance
- Ensure that the organization achieves a sufficient level of compliance with relevant information security and privacy-related obligations imposed by laws, regulations, standards, contracts, policies etc.
- Conduct regular internal audits and review to ensure that compliance procedures are followed
- Ensure employees are thoroughly updated about the organization’s policies, regulations, and processes, developing and delivering programs to do so
- Maintains awareness of regulatory developments and industry trends
- Work with internal stakeholders to document and ensure best practices for BCDR and identity and access management
Qualifications
- BS in Information Systems preferred but appropriate experience is acceptable.
- Excellent communication skills are needed with demonstrated ability to work with multiple organizational functions and levels
- Understand NIST framework and how it applies
- PCI assessment experience
- Excellent writing skills
- Certifications a plus; CISSP, CISA, or equivalent experience
- 5-7 years of experience in the risk assessment or auditing of complex IT systems
- 3-5 years of experience in Program Management, Governance or Compliance Management
- High level understanding of securing Hybrid Platforms
- Solid understanding of IT concepts and operations
- Knowledge of third-party auditing and cloud risk assessment
- Risk Assessment methodologies and best practices
- Risk Treatment and Remediation
- Experience working with and interacting with 3rd party auditors
- Working knowledge of Information Security best practices, audit frameworks and possibly privacy laws (e.g., familiarity with ISO 27000 series, SANS, NIST, OWASP Top 10, COBIT, CIS Top 20, PCI, CCPA, etc.
- Fundamental knowledge about GRC rules and regulations
- Bonus if you are familiar with conducting BIAs
Claire's is an equal opportunity employer committed to diversity, equity and inclusion and we encourage applications from members of all underrepresented groups, including those with disabilities.
We will accommodate applicants' needs, upon request, throughout all stages of the recruitment process. Please inform us of the accommodation(s) that you may require.
30+ days ago