Information Security GRC Manager at Prosperity Bank in Sugar Land, TX


POSITION PURPOSE

The Information Security Governance, Risk, and Compliance (GRC) Manager will be responsible for the corporate-wide IS GRC program. This person will work closely with Information Technology, Enterprise Risk Management (ERM), Legal, HR, Procurement and business process owners to ensure the proper information security controls are in place to minimize risk and ensure compliance with Information Security Policy, Standards and Controls, NIST and CIS Security Standards, Data Privacy regulations and the Payment Card Industry Data Security Standard (PCI DSS). This position is expected to be a subject matter expert in assessing Information Technology and cybersecurity risk, identifying emerging cybersecurity threats and applying different cybersecurity control frameworks and standards throughout the organization, particularly those related to the National Institute of Standards & Technology (NIST), CIS Critical Security Controls, and PCI DSS. This person will also be responsible for the IS Policy, Standards, and Controls lifecycle and the vendor and risk management programs, will liaise with internal and external auditors to ensure audits lead to a successful outcome, and will be responsible for the Security Exception/Risk Acceptance process. The position will also manage, maintain and administer the Information Security Awareness Training program. This position will report directly to the Information Security Officer.

ESSENTIAL DUTIES AND FUNCTIONS

  • Manage the creation of new, and lead the maintenance of existing, security and privacy policies, standards and specifications to ensure they are current and appropriately aligned with applicable laws, regulations, and the evolution of security risks.
  • Lead the security exception process, including leading the completion of security exceptions and tracking and following up on the alternative mitigating action items included within approved security exceptions.
  • Manage the security and privacy risk assessment processes for the company. This includes providing input into the risk assessment process for reviewing new software, hardware, internally developed systems, third parties, and newly acquired companies. The risk assessment process will provide standard deliverables for all types of risk assessments.
  • Manage the remediation of risks identified through the risk register process and contribute towards improving the overall risk management program. This may include leading annual security assessments and completing written reports of results to be shared with the ISO, CRO, CIO and other senior leaders.
  • Manage the security and privacy compliance efforts. In particular, this role will help lead the National Institute of Standards & Technology (NIST), Payment Card Industry Data Security Standard (PCI DSS) and CIS Critical Security Controls compliance effort for the bank. This will include engaging the necessary third-party auditors to perform assessments as needed and maintaining knowledge of compliance standards as they evolve.
  • Create and maintain key deliverables for IS and business leadership. This includes team dashboards and performance reporting.
  • Work with the training department on enhancing the security awareness and compliance training program. This includes leading or assisting with the coordination of an awareness program across the bank.
  • Stay current with new technologies and best practices relevant to the security/privacy discipline as well as applicable federal, state, industry, and regulatory compliance. Stay involved in various external professional organizations as appropriate.
  • Manage and conduct security risk assessments of third parties' systems and ongoing monitoring through strong execution using technical skills, knowledge, and experience.
  • Partner with Legal, Compliance, Procurement, Technology, Vendor Management, and Business cross-functional teams to identify specific third-party risks and recommend appropriate risk treatment action plans with pragmatic solutions to risk and control issues.
  • Present third-party risks to key senior stakeholders across Technology, Business, and Security.
  • Represent the team in discussions with other teams in the firm and coordinate across groups within the department to deliver solutions for the team.
  • Apply a solid understanding of Information Security policies and standards to provide timely third-party assurance; apply knowledge of key regulations to influence third-party review scope.
  • Make fact-based decisions using individual judgment and problem-solving.
  • Build sound business relationships across the enterprise to enable a strong understanding of, and close alignment with, business needs, direction, and risk appetite.
  • Treat people with dignity, respect, and fairness, and hold others accountable for the same.
  • Convey thoughts logically, simply and succinctly in written and verbal communications.
  • Report and escalate risk and key metrics.
  • Effectively communicate third-party risks identified from due diligence or monitoring to ensure appropriate implementation of controls for accessing or handling firm information.
  • Respond appropriately to third-party cyber risk incidents and the related investigations, managing situations with discretion, sensitivity, and objectivity, and with due consideration of chain of custody.
  • Educate business teams on third-party information risk and recommendations.
  • Support the development of third-party risk security standards and guidelines.
  • Support the maintenance and build-out of repositories, tools, and documentation for third-party risk assurance.

QUALIFICATIONS

  • 5 years' experience in information security or risk management.
  • Experience with GRC tools and automation.
  • Strong knowledge of performing internal risk assessments such as GLBA and information security maturity assessments.
  • Understanding of qualitative vs. quantitative risk management and inherent vs. residual risk to properly determine, evaluate, and report on technology risk levels.
  • Experience with data and analytics.
  • Experience creating and utilizing KPIs and KRIs.
  • Experience with dashboards and data visualization tools.
  • Experience in process improvement and re-engineering, business requirements gathering and process flowcharts.
  • Strong understanding of risk and security threat management methodologies and regulatory requirements pertaining to information security, privacy and/or data security (DREAD, STRIDE, NIST RMF).
  • Current and extensive knowledge of Microsoft technologies and cloud strategies.
  • Demonstrated working knowledge of industry standards (NIST CSF, NIST 800-53, HITRUST, ISO, ITIL).
  • Experience building and managing relationships at all levels within the organization.
  • Experience working in large/global corporate environments involving multiple businesses.
  • Banking or financial services industry experience highly preferred.

EDUCATION/CERTIFICATION:

A Bachelor's Degree in Management Information Systems or Computer Science.

License / Registration / Certification:

  • CISA, CRISC, or CISSP (or equivalent) required.
  • CTPRA, CTPRP, CCSP (or equivalent) preferred.
Salary Range:
$200K -- $250K
Minimum Qualification:
IT Security, Technology Management

Estimated Salary: $20 to $28 per hour based on qualifications.
