Employer: Tanium

The Basics:

Tanium is looking for a Security GRC Manager to join the information security team. This is 100% remote position reporting directly to CISO.

The GRC leader with strong knowledge of security frameworks, controls and audit techniques, but wants to change how compliance is implemented and maintained. An innovator with a drive to improve the customer experience by easing operational burdens associated with compliance and producing transparency across the security landscape. Highly organized and detail-oriented with excellent communication skills and a strong bias towards getting things done. An advocate of continuous improvement and challenging the status quo.

As a leader within the Information Security Team, the Information GRC Manager takes a significant role in actively promoting a culture of information security throughout the organization.

The GRC Manager is a multifunctional role, working in conjunction with various teams across different business units, enhancing and enriching the organization’s internal and external services.

What you’ll do:

  • Proactively manage the firm’s ISO 27001 Information Security Management System ensuring continual compliance and ongoing eligibility for annual recertification.
  • Maintain & monitor compliance with the Information security policies and procedures.
  • Recommend changes/enhancements to the Tanium policies/procedures based upon the evolving threat landscape
  • Develop and manage the firm’s vendor risk quantification & management program
  • Manage & improve process to respond to client audit and related requests in a timely manner
  • Oversee third party technical risk assessments and related audit activity
  • Serve as a subject matter expert for information security risk management principles and practices.
  • Perform internal technical risk assessments/audits
  • Produce and maintain information security documentation including, but not limited to policies, procedures, standards, guidelines and diagrams
  • Proactively assesses potential items of risk and opportunities
  • Promote a culture of information security across all business units
  • Understand the role of systems and technology within the firm and the value they deliver to the business
  • Oversee readiness for external audits such as FedRAMP, CMMC, SOC2/Type2.

We’re looking for someone with:

  • Education
    • Bachelor’s Degree in Computer Science, IT or other relevant degree or equivalent work experience
  • Experience
    • Strong knowledge of ISO 27001
    • Strong knowledge of FedRAMP, NIST 800-53, CMMC, NIST 800-171.
    • Strong knowledge of the global data security regulatory environment
    • Strong knowledge of global privacy regulations and requirements.
    • Propensity for making analytical risk-based decisions and recommendations
    • Ability to convey complex information in a clear and concise manner both verbally and in written form