Global Risk Compliance Manager (REMOTE)
Location: United States, Remote
Cyware is a venture-backed organization currently in hyper-growth mode. While Cyware is headquartered in New York City, all of our US based positions are located 100% remote. The firm was founded by innovative practitioners to solve the massive-scale cybersecurity challenges they saw daily while working for leading global banks and technology organizations.
Cyware is disrupting the cybersecurity operations market with innovation that gives the firm claim to being the far-and-away ONLY company capable of delivering technology to build cyber fusion centers for customers in large enterprises and the mid-market.
Your next opportunity starts here!
More on Cyware:
Built on innovation designed by SecOps practitioners and cybersecurity leaders, Cyware offers multiple technologies within its next-generation platform, including advanced threat intelligence solutions (TIP) for large and small security teams, vendor-agnostic security automation (SOAR), and security case management. As a result, organizations are able to increase speed and accuracy while reducing costs and analyst burnout. Cyware’s Virtual Cyber Fusion solutions make secure collaboration, information sharing, and enhanced threat visibility a reality for enterprises, sharing communities (ISAC/ISAO), MSSPs, and government agencies of all sizes and needs.
Come join an exciting cybersecurity product startup that just closed Series B funding round!
Why We’re Hiring
The Global Risk Compliance Manager is a critical position within Cyware. The candidate will act as the technical subject matter expert in maintaining information security compliance with applicable laws, licenses, and regulations in the regions that we do business. The Cyber GRC Manager will provide extensive understanding of the cybersecurity space and advise Cyware on certifications required and processes. This person will also be responsible for ensuring information security compliance across the entire global organization.
What You’ll Do
- Responsible for implementing and maintaining procedures and controls to assure security compliance with applicable regulatory, contractual, and legal requirements as well as good business practices
- Work closely with business, technology, and compliance counterparts to understand business objectives, initiatives, and ensure alignment with cybersecurity policies and best practices
- Lead the annual security program roadmap and status reporting on initiatives and KRIs. Create presentation materials and lead discussion for key stakeholder meetings.
- Ensure applicable standards and regulations pertinent to Cyware are effectively implemented and act as an advisor to all managers
- Conduct analysis of new regulations that impact the information security program.
- Coordinate external reviews and/or assessments from regulators, audit firms, and client due diligence requests.
- Own the security risk register and the ongoing management of inherent and residual information security risks.
- Prepare heat maps and analytics of known risks.
- Operationalization of a metrics and reporting function to continually report on meaningful information security risk and compliance metrics for operational and executive management
- Work closely with the VAPT team
- Create and update the hardening checklist
- Conduct global training sessions regarding information security for Cyware’s internal team
Who You Are
- Strong oral and written communication skills
- Strong problem solving and troubleshooting skills with experience exercising mature judgement
- Excellent teamwork and interpersonal skills
- General information security experience and knowledge of general security concepts, such as defense-in-depth, least privilege, security architecture and design, threat modeling, etc.
- Experienced in collaborating at all levels of an enterprise
- Creativity and initiative in work product, positive and helpful attitude proposing solutions to resolve problems
- Professional and technical certifications desired but not required such as CISM or CISSP
- Ability to reach technical and non-technical audiences across all levels of the organization.
- Must possess basic knowledge of networking, different operating system, endpoint devices and security devices
- Work experience related to information security and/or IT operational risk management is essential, across cloud and traditional IT patterns.
- Comprehension of the regulatory and legal landscape driving privacy/information security (NY DFS, GDPR, CCPA, etc.)
- Experience in leading organizations through Information Security audits and certifications (SOC 2, FedRamp, ISO, etc.)
- A solid understanding of current technology capabilities, and a keen interest in staying abreast of emerging technology trends and information security domains
- Experience in contracting, implementing, and managing security service providers.
- Experience with implementing and managing GRC software solutions for Information Security use cases.
- Manage end-to-end portfolio delivery in terms of schedule, cost, scope and quality; anticipate risks and issues that may arise during the delivery of the portfolio process and ensure that appropriate mitigation actions are in place
- Design, measure and assess key performance metrics to inform data-driven decisions
- Demonstrate accountability; lead people with passion, enthusiasm, loyalty and integrity
- Knowledge of business continuity framework and standards
We’re a lean team, so your impact will be felt immediately. If this all sounds like a good fit for you, why not join us?
You’ll love working at Cyware because:
- We value balance. We are committed to providing an environment in which you can balance great work with a great life. You’ll have a competitive PTO structure and holidays covered.
- We’re not just employees. We’re people. We offer 401(k) match, insurance coverage (health, vision, and dental), and reimbursements for your home office.
- We’ll invest in your career. Our company’s growing quickly, and we’ll give you the opportunity to do the same. You’ll have access to a number of professional development opportunities so that you can keep up with the company’s evolving needs.
- We offer competitive compensation packages. We deeply value the talent our team brings to the table and believe that fair and equitable total compensation packages are part of our commitment to everyone who works here.
- And so much more
Cyware is dedicated to hiring a diverse workplace that celebrates an inclusive culture and a sense of belonging. As an equal opportunity employer, we do not discriminate based on race, color, religion, sex (including pregnancy, gender identity, gender expression, and sexual orientation), national origin, age, veteran status, genetic information or disability.