Corvus is seeking a GRC Senior Manager to help build and manage Corvus’ Governance, Risk, and Compliance program. The GRC Manager, working in collaboration with the Chief Information Security Officer (CISO), will be responsible for establishing, leading, and managing Corvus’ Governance, Risk, and Compliance practices. This role will identify, prioritize, and action relevant security, regulatory, and compliance requirements and establish standards across the company. The GRC Manager will work closely with the Security, Information Technology, Engineering, and Legal teams.

Responsibilities

• Build and manage Corvus’ Governance, Risk, and Compliance program
• Establish a Third-Party Risk Management program to assess vendors, partners, and products to ensure risks are identified and managed
• Own the development and revision of policies, standards, procedures, guidelines and other documentation based on the Company’s business needs
• Implement process and tracking to monitor compliance to policies and standards. Work with subject matter experts to ensure policies and standards are comprehensive, current and appropriate to meet regulatory and security requirements
• Accountable for the response, follow through, and monitoring of any information security audits or due diligence requests
• Provide oversight and leadership to ensure that controls meet legal, regulatory, policy, standards, and security requirements for Corvus. Ensure Corvus’ management is knowledgeable of the risks of non-compliance to information security standards and regulatory requirements
• Conduct security assessments and reviews for compliance with established security standards, policies, procedures, and guidelines. Oversee the facilitation of information security risk assessment methodologies and manage information security risk assessments
• Participates in Information Security, Information Technology, and related projects driving the implementation of new process improvements and risk treatments
• Build metrics with the Security team to help measure and manage the Security program
• Maintain the Company’s information security accreditations
• Grow and oversee a future team of GRC specialists as the business grows

Qualifications

• 8+ years of professional experience in Cyber Security, Technology Risk Management,  and/or Auditing
• 4+ years of hands-on experience managing or working in a Cyber Security Governance and Risk function
• 2+ years of people management experience
• Experience building and managing a GRC program in a fast moving and growing environment
• Experience managing projects, implementing change, and tracking implementation progress
• Working understanding of security frameworks and regulatory standards such as NY DFS, NIST CSF, and CIS
• Strong communication and relationship skills. Ability to communicate security and risk implications to technical and non-technical audiences
• Comfortable performing interviews with technical personnel and business process review with non-technical personnel
• Agility in dealing with a constantly changing business environment and areas of ambiguity