• The candidate will act as the technical subject matter expert in maintaining information security compliance with applicable laws, licenses, and regulations in the regions that we do business
• Strong oral and written communication skills
• Strong problem solving and troubleshooting skills with experience exercising mature judgement
• Excellent teamwork and interpersonal skills
• General information security experience and knowledge of general security concepts, such as defense-in-depth, least privilege, security architecture and design, threat modeling, etc
• Experienced in collaborating at all levels of an enterprise
• Creativity and initiative in work product, positive and helpful attitude proposing solutions to resolve problems
• Ability to reach technical and non-technical audiences across all levels of the organization
• Must possess basic knowledge of networking, different operating system, endpoint devices and security devices
• Work experience related to information security and/or IT operational risk management is essential, across cloud and traditional IT patterns
• Comprehension of the regulatory and legal landscape driving privacy/information security (NY DFS, GDPR, CCPA, etc.)
• Experience in leading organizations through Information Security audits and certifications (SOC 2, FedRamp, ISO, etc.)
• A solid understanding of current technology capabilities, and a keen interest in staying abreast of emerging technology trends and information security domains
• Experience in contracting, implementing, and managing security service providers
• Experience with implementing and managing GRC software solutions for Information Security use cases
• Manage end-to-end portfolio delivery in terms of schedule, cost, scope and quality; anticipate risks and issues that may arise during the delivery of the portfolio process and ensure that appropriate mitigation actions are in place
• Design, measure and assess key performance metrics to inform data-driven decisions
• Demonstrate accountability; lead people with passion, enthusiasm, loyalty and integrity
• Knowledge of business continuity framework and standards

Desirable

• The Cyber GRC Manager will provide extensive understanding of the cybersecurity space and advise Cyware on certifications required and processes
• Responsible for implementing and maintaining procedures and controls to assure security compliance with applicable regulatory, contractual, and legal requirements as well as good business practices
• Work closely with business, technology, and compliance counterparts to understand business objectives, initiatives, and ensure alignment with cybersecurity policies and best practices
• Lead the annual security program roadmap and status reporting on initiatives and KRIs. Create presentation materials and lead discussion for key stakeholder meetings
• Ensure applicable standards and regulations pertinent to Cyware are effectively implemented and act as an advisor to all managers
• Conduct analysis of new regulations that impact the information security program
• Coordinate external reviews and/or assessments from regulators, audit firms, and client due diligence requests
• Own the security risk register and the ongoing management of inherent and residual information security risks
• Prepare heat maps and analytics of known risks
• Operationalization of a metrics and reporting function to continually report on meaningful information security risk and compliance metrics for operational and executive management
• Work closely with the VAPT team
• Create and update the hardening checklist
• Conduct global training sessions regarding information security for Cyware’s internal team
• Other duties as assigned by management