Cyber Security Manager - GRC

Full Time
Remote
$100,000 - $150,000 a year
Job description

Responsibilities require leadership experience, as well as expertise to ensure effective system-wide security analysis; intrusion detection; standards and testing; risk assessment; awareness and education; and development of policies, standards, procedures, and guidelines. This person should be able to understand and implement multi-faceted risk frameworks, assisting our business partners with making balanced decisions between risk exposure, growth, and innovation. This person should also be able to devise mechanisms to proactively identify, mitigate, and monitor risks by working with many cross-functional teams within Movement Mortgage. The Cyber Security Manager – GRC reports to the Director of Cyber Security.

How You’ll Contribute:

  • Recommend programmatic and technical directions and operate with a high degree of independence in matters relating to the investigation, impact, and analysis of security incidents, decisions regarding risk, and measures for computer and network security.
  • Lead the development and implementation of the system-wide risk management function of the cyber security program to ensure cyber security risks are identified and monitored.
  • Internally assess, evaluate, and make recommendations to management regarding the adequacy of the security controls for Movement Mortgage’s information and technology systems.
  • Lead the development and implementation of cyber security policies, standards, procedures, and overall governance based on CIS controls, NIST Cyber Security Framework, NIST 800-53, and DFS NYCRR 500.
  • Work closely with the IT infrastructure and compliance team to ensure key cybersecurity risks and issues are identified, addressed, and resolved in a timely manner.
  • Develop and manage training and security awareness programs.
  • Develop, lead, and coordinate periodic security testing activities (e.g., penetration testing, incident response tabletops, and DR exercises), including training of DR participants on roles and duties.
  • Lead internal and external audits, certification, and security questionnaire responses.
  • Assist in generating internal and external relevant security metrics and reports for the Director of Cyber Security.
  • Mature and automate repeatable processes to inventory, prioritize, manage, remediate, and monitor risks within the Movement Mortgage environment.
  • Manage a highly matrixed and fast-moving environment, including developing and socializing operating models to optimize risk and compliance engagement within Information Technology and across the Movement Mortgage enterprise.
  • Serve as an interpreter and liaison between Cyber Security, business analysts, and application SME teams, helping Movement Mortgage efficiently and comprehensively navigate the complexities of risk and compliance.
  • Manage the data, technology, and automation platforms that drive key risk and performance reporting and insights.

Who You Are:

  • 5-10 years of Cybersecurity leadership experience
  • Expertise in effective system-wide security analysis
  • Experience working within a structured security framework, such as NIST CSF, NIST 800-53, CIS, and/or ISO 27001
  • Knowledgeable in incident response management, business continuity, and disaster recovery
  • Ability to develop security standards and guidelines based on best practices and industry standards
  • Experience responding to, analyzing, and communicating information security incidents
  • Excellent interpersonal skills, comfortable working at all levels within an organization and in a wide variety of situations
  • An ability to translate security requirements and standards into easily understood business concepts and vice versa
  • Relevant experience with managing a security awareness program
  • Experience working with third-party vendors and reviewing and conducting vendor assessments, and responding to vendor questionnaires
  • Relevant industry certification (e.g., Security+, CISSP, CISM, ISO 27001)
  • Work independently and have excellent communication skills
  • Ability to design & implement security and data protection best practices
  • Proficient in network security, threat intelligence, and network security controls

Bonus Points!

  • Experience developing and delivering tabletop exercises
  • ServiceNow ITSM Experience.
  • Development of Incident response threat-based playbooks
  • Experience implementing ITIL best practices within IT Service Management tools

Job Type: Full-time

Pay: $100,000.00 - $150,000.00 per year

Benefits:

  • 401(k)
  • 401(k) matching
  • Dental insurance
  • Employee assistance program
  • Employee discount
  • Flexible schedule
  • Health insurance
  • Health savings account
  • Life insurance
  • Professional development assistance
  • Referral program
  • Relocation assistance
  • Vision insurance

Schedule:

  • 8 hour shift

Application Question(s):

  • Are you a US Citizen or GC?
  • Areas they must have experience in:
      • GRC Mgr/Sr Analyst (priority)
      • Business Impact Analysis
      • Business Continuity Plan
      • Incident Response Plan
      • Disaster Recovery Plan
      • Risk Assessments/Security Controls
      • Third Party Risk Management

License/Certification:

  • CISSP (Preferred)
  • Certified Information Systems Auditor (Preferred)

Work Location: Remote
