Cradlepoint has an immediate opening for a Director Information Security Governance, Risk & Compliance to support our Global Information Security function. As the Director, GRC you will be working with the business and information technology functions at Cradlepoint and our business units to enable Cradlepoint's Global Information Security program, serving as a bi-directional liaison with cyber security stakeholders. You will work to weave cyber security into all IT and business projects and functions, while enabling business operations and missions. The Director, GRC will leverage knowledge of best practices to be able to support applicable regulatory, policy, standards and legal requirements, while overseeing formal risk assessments and self-assessments for various information systems and processes. The Director, GRC will coordinate assessments, advise on cyber security policies, and serve as the liaison on cyber security incident response and reporting. Additionally, you will work with various business units to improve their information security postures by ensuring the consistent application of Cradlepoint policy and procedures. This role will require a keen understanding of key business assets and processes, unique business requirements, and the Cradlepoint information security program, and the ability to combine this information to address residual risk by recommending security enhancements within the area of responsibility.
- Manage a team of Global Information Security GRC resources
- Perform risk assessments in accordance with the company assessment methodology.
- Oversee adherence to security policies, standards, guidelines and baselines.
- Provide remediation recommendations and/or recommend alternate solutions to resolve gaps against Policy & Standards.
- Liaise with threat intelligence and vulnerability management teams to drive remediation of security vulnerabilities.
- Ensure policies are communicated regularly to stakeholders and customers.
- Promote and monitor our corporate security awareness program.
- Identify ways to further protect Cradlepoint data through the knowledge of Cradlepoint processes, systems, and partnerships in both current and future states.
- Provide senior leadership to business units for the implementation of the Cradlepoint Information Security policy, procedures, and standards throughout their business.
- Direct the risk assessment and processing of exceptions to standard baselines or Cradlepoint policy
- Proactively identify information security deficiencies or opportunities for improvement to better enable business security at the global level.
- Provide communication or escalation path for information security issues identified by Global Information Security or the business themselves.
- Provide regular, timely reporting on the information security status across Cradlepoint
- Support acquisition due diligence for information security risks and support control design for integration.
- Participate in reporting requirements, monthly/quarterly status meetings and offsites as appropriate.
- Provide subject matter expertise on GRC issues to Information Security leadership.
- Represent the Global CISO at meetings and act on the CISO's behalf as requested.
- Authority to direct the implementation of Cradlepoint Global Information Security policy, procedures, and standards within Cradlepoint business units and supporting organizations.
- Authority to direct resources to respond to information security incidents or critical deficiencies to ensure secure operations of Cradlepoint information systems.
- Authority to recommend decisions on areas of responsibility to the Global CISO.
- Accountable to CISO for the efficient and effective execution of position responsibilities.
- Accountable to CISO to meet all performance objectives.
- Accountable to peer employees to ensure all job resource requirements are met and appropriate performance feedback is delivered in a timely manner
- Accountable to staff to provide leadership and guidance in function and ensure appropriate performance feedback is delivered in a timely manner
- Bachelor's degree in Information Systems, Cybersecurity, or a related field and minimum 10 years of relevant experience. Additional years of relevant experience will be considered in lieu of a degree.
- At least 3-5 years of leading cyber security or technology teams
- At least 5-7 years of documenting and implementing security policies, standards, and/or controls
- Expert understanding of security best practices such as NIST CSF, NIST 800-53, ISO27001 and PCI DSS. Previous experience working with one of these frameworks
- Expert level of Information Security policy development and process creation
- Knowledge of global regulatory standards to include GDPR, experience in the technology sector or with digital business highly preferred
- CISSP, CRISC, CISM, CISA or GIAC certifications beneficial
- Familiar with GRC tools such as RSA Archer, RSAM, MetricStream, ServiceNow, ZenGRC
- Familiar with 3rd Party risk assessment and related tools such as CyberGRX, SecurityScorecard
- Ability to demonstrate security experience via certifications or significant career accomplishments
- Demonstrated ability to apply organizational information security policies
- Comfortable with interfacing with other internal or external organizations regarding security policy and standards violations, security controls failure, and incident response situations
- Strong experience developing methods and procedures for risk analysis and mitigation to include Vulnerability Management (VM)
- IT Audit, internal Audit and/or risk advisory experience is a plus
- Comfortable working with ambiguity is a must
- Self-motivated and willing to take on challenges while adapting to an ever-changing operational environment.
- Excellent analytical and problem-solving skills
- Strong business acumen to quickly learn new business processes and understand how application performance requirements support the business in achieving revenue and profit goals.
- Excellent collaboration skills - must be eager to work as part of a cohesive team and work as a partner to other teams within Cradlepoint, Inc., locally and globally
- Exceptional communication skills, including the ability to gather relevant data and information, actively listen, dialogue freely, verbalize ideas effectively, negotiate tense situations successfully, and manage and resolve conflict
- Proven presentation and facilitation skills
- Must excel working in team-oriented roles that rely on ability to collaborate with others
Cradlepoint is an Equal Opportunity Employer and does not discriminate on the basis of race, color, religion, sex, marital status, national origin, age, sexual orientation, handicap, disability, or any other protected class status pursuant to applicable law.
This job has expired.