Director, Cyber Security Governance, Risk and Compliance (GRC)

Director Cyber Security Governance, Risk, & Compliance

BUSINESS: CIRCOR Corporate

LOCATION: Remote

DIRECT REPORTING: CISO

FUNCTIONAL REPORTING: CIO

POSITION DETAILS

Position Summary

The Director, Cyber Security GRC is responsible for developing and managing governance processes and standards to ensure that IT and cyber security standards, architecture/designs, plans, controls, processes, and procedures align with policy and control requirements. The Director role oversees the complete policy life cycle management process, cloud control governance, core control governance, and control review services. This role will drive the development and companywide implementation of control governance standards utilizing existing control frameworks. Control governance standards will guide enterprise wide IT and business processes on security control requirements to enable business and IT goals and to align with compliance and risk processes. CIROCR International operates globally and must comply with various local and government regulatory requirements including, but not limited to NIST 800-171, CMMC, GDPR, and SOX.

Key Responsibilities

The Director ensures that security policies and controls are aligned with regulatory requirements and industry best practices and support business and IT strategic goals globally. Essential tasks include the development, implementation and management of control governance standards for Information Security and IT architecture designs, plans, controls, processes. The role will be responsible for control review and guidance services including enterprise level control recommendations and risk assessment. The Director leads a team of ISSO, ISSM and security policy and control professionals and ensures the development of individual skill sets and growth paths.

Job Requirements:

CANDIDATE REQUIREMENTS

Knowledge Skills & Abilities

• Proven track record to build out control environments and audit them against various regulatory requirements.
• Strong team player who consistently models and inspires high levels of integrity, lives up to commitments and takes responsibility for the impact on one's actions.
• Guides and energizes others, models adaptability and inspires strong organizational performance through periods of transformation, ambiguity and complexity.
• Ability to interact and effectively communicate complex topics to all levels of management within and outside of the organization. Understand the needs and perspectives of others and tailors delivery accordingly.
• Exercises independent judgment / decision making on complex issues. Competent to work independently, meet established expectations and take responsibility for achieving results, and ensures direct reports to do the same.
• Bachelor's degree in Cyber Security, Computer Science, Information Technology or a related field 8 or more years of progressive leadership in an Information Security or IT leadership position
• Experience with Governance Risk and Compliance technologies and their implementation
• Experience working with control frameworks such as NIST CSF, NIST 800-171, NIST 800-53, GDPR, and SOX.
• Proven experience in developing and implementing control governance processes.
• Strong experience in designing and managing security policies and controls.
• Experience integrating Cyber Security technologies with existing technologies including cloud services.
• Strong ability to assess urgency and prioritization and make good decisions based upon situational circumstances.
• Excellent communication skills with the ability to influence others.
• Must be passionate about contributing to an organization focused on continuously improving governance and compliance management.

Education & Experience

• Bachelor's degree in Computer Science, Engineering, or related discipline; MBA desirable; equivalent experience acceptable.
• CISM, CISA, or equivalent experience/accreditation, with strong skills in control documentation and reporting.
• Professional certification, such as a CISSP, CISM, CISA or other information security credentials, is preferred.

CIRCOR is an EEO Employer of Females/Minorities/Veterans/Individuals with Disabilities