O'Melveny & Myers LLP

Information Security Governance, Risk and Compliance (GRC) Lead

O'Melveny & Myers LLP, Washington, District of Columbia, us, 20022


Overview

O'Melveny has an immediate opening for a remote Information Security Governance, Risk and Compliance (GRC) Lead in one of our East Coast offices. The GRC Lead serves as the subject matter expert for firmwide Information Security GRC initiatives, collaborating with the Information Security Officer to develop, implement and coordinate GRC efforts. This role includes tracking information security risks, conducting risk analyses and evaluating mitigation options, coordinating information security metrics, and reporting to Information Security leadership. The GRC Lead enforces GRC rigor globally for firmwide information security obligations and helps advance policies and a comprehensive control framework to execute the GRC strategy.

For a complete understanding of this opportunity, and what will be required to be a successful applicant, read on.

The salary range for this role in DC is $130,000 - $160,000 and represents the firm's good faith minimum and maximum range at the time of posting. Actual compensation will depend on experience, qualifications and location. Applications will be accepted from candidates residing in listed states. EOE M/F/D/V. No phone inquiries please.

Location: East Coast offices; remote role with firmwide responsibilities.

Responsibilities

- Lead firmwide Information Security GRC initiatives in partnership with the Information Security team.
- Assist and coordinate with the ISO 27001 annual certification preparations and client audits.
- Track, review, and respond to external requirements such as outside counsel guidelines as needed.
- Oversee Information Security GRC activities and coordinate with the Information Security Officer.
- Serve as a subject matter expert and trusted advisor for leadership on Information Security GRC matters.
- Act as primary contact for responding to business unit inquiries regarding operational compliance.
- Collaborate with IT, legal, finance and operations to develop a cohesive Information Security GRC program.
- Partner with business units during solutions onboarding to ensure adequate controls are in place and enabled.
- Conduct regular risk assessments and analyze emerging risks across the organization.
- Coordinate with stakeholders to implement effective risk mitigation strategies.
- Maintain a strategic and comprehensive GRC program that includes policies, standards, processes and guidelines.
- Stay updated on regulatory changes and industry standards (ISO, NIST, GDPR, HIPAA, HITRUST, etc.).
- Provide guidance to teams to ensure compliance with relevant laws and regulations.
- Deliver GRC reports to management emphasizing compliance status, risk exposure and mitigation efforts.
- Oversee third-party and vendor risk as part of the organization's risk management strategy.
- Document, communicate and enforce cybersecurity standards, balancing risk with business operations.
- Document GRC activities, policies, assessments and corrective actions for audit readiness.
- Implement process improvements using GRC tools and methodologies to drive productivity gains.
- Cooperate with internal and external auditors to maintain and implement controls that meet GRC requirements.
- Motivate functional areas to adopt cybersecurity policies and standards.
- Provide leadership to strengthen business resiliency in collaboration with technical and business teams.
- Guide teams to align with security, audit and risk management in ongoing program assessments.
- Assist Information Security with projects as needed.
- Stay abreast of current technologies, security compliance requirements, standards, and industry trends.
- Perform analysis of security threats and vulnerabilities and use threat intelligence to mitigate risks.
- Ensure secure handling of privileged accounts and credentials.

Qualifications

- Five years of experience in GRC or as a cybersecurity practitioner (security analysis, compliance, risk management).
- Experience in a distributed and hybrid office environment.
- Understanding of information security and privacy frameworks: ISO/IEC 27001 required; NIST, HIPAA, HITRUST, GDPR, GLBA optional.
- Bachelor's degree in Cybersecurity, Computer Science, Data Science, or a related field.
- Experience with tabletop exercises, disaster recovery exercises, and security control tests is ideal.
- Excellent analytical and problem-solving abilities.
- Effective written and verbal communication, and the ability to work independently and in multidisciplinary teams.
- Professional certifications are a plus (CISSP, CISM, CISA, CRISC, CGRC).

We offer an excellent salary and benefits package. For more information, or to be considered for this position, please apply online at www.omm.com. Responses will be given to candidates who closely meet our qualifications.
