Senior Risk Management / GRC Manager

Summary:

The Governance, Risk and Compliance (GRC) Manager will be responsible for developing, implementing, and maintaining the organization’s security and governance, risk management, and compliance programs within the Risk Function of zerohash in Europe, with a particular focus on DORA compliance. This role requires a deep technical understanding of IT security measures and risk management practices to ensure the security and integrity of the company's systems and data, align operations with regulatory requirements, and mitigate IT risks.

Key Roles and Responsibilities:

Compliance:

• Provide day to day ownership and management of the company’s compliance with DORA.
• Stay current on and compliant with relevant laws, regulations, and industry standards related to IT security and compliance such as DORA, GDPR, NY DFS Part 500, and others.
• Manage technical compliance programs and initiatives.
• Conduct compliance assessments to evaluate adherence to regulatory requirements and internal policies.
• Prepare compliance reports and documentation for regulatory audits and review.

Governance:

• Develop and maintain governance policies, procedures, and standards in alignment with industry best practices and regulatory requirements.
• Develop and maintain governance frameworks, technical policies, and procedures.
• Manage governance frameworks such as ISO 27001, SOC 1, SOC 2, etc., in coordination with global zerohash security and audit staff, to ensure effective IT governance across the organization.
• Coordinate with key stakeholders to establish governance committees and facilitate regular meetings to review and update policies and procedures.
• Facilitate governance structures and technical committees.

Technical IT Security Management:

• Develop and implement advanced IT security strategies and solutions.
• Manage and monitor security systems, including firewalls, intrusion detection systems, and endpoint protection.
• Conduct detailed security assessments, vulnerability scans, and penetration tests.
• Respond to and resolve complex security incidents, including conducting forensic investigations and root cause analysis.
• Ensure the implementation of security controls and best practices across IT systems and networks.

Risk Management:

• Identify, assess, and prioritize technical risks, in coordination with the global Risk function.
• Develop and implement risk management strategies and technical mitigation plans.
• Conduct regular technical risk assessments and identify potential threats and vulnerabilities within zerohash infrastructure.
• Develop risk mitigation strategies and action plans to address identified risks.
• Monitor and track risk mitigation activities to ensure timely resolution and compliance with established policies and procedures.
• Monitor and report on the status of technical risks and control effectiveness.

Policy and Procedure Development:

• Develop, implement, and maintain technical security policies and procedures.
• Ensure technical policies and procedures are communicated and enforced across the organization.

Incident Management:

• Oversee the technical incident management process, in coordination with global zerohash response teams.
• Ensure timely identification, reporting, and resolution of technical security incidents.
• Conduct root cause analysis and implement corrective technical actions.

Security Awareness:

• Develop and deliver technical security, governance, risk, and compliance training programs.
• Collaborate with the security team to develop and deliver training programs on governance, risk management, and compliance.
• Promote a culture of security awareness and compliance throughout the organization.

Stakeholder Engagement:

• Collaborate with internal and external stakeholders, including auditors, regulators, and technical teams.
• Provide technical guidance and support to management and staff on security and GRC-related matters.

Reporting:

• Prepare and present regular technical reports on security, governance, risk, and compliance to senior management and the board of directors.
• Maintain accurate technical records and documentation.

Requirements

• Prior experience in a Risk Management / GRC leadership role is required.
• Prior experience with the Digital Operational Resilience Act (DORA) is required.
• Professional certifications such as CISSP, CISM, CRISC or CISA is a plus.
• Proven experience in technical IT security, governance, risk management, and compliance roles.
• Strong technical knowledge of IT governance frameworks, regulatory requirements, and best practices.
• Experience with SOC 1, SOC 2, and ISO 27001 is strongly preferred.
• Strong analytical and problem-solving skills with attention to detail.
• Ability to manage multiple technical projects and priorities in a fast-paced environment.
• Experience with technical security and GRC tools and software.
• Excellent communication and interpersonal skills, with the ability to collaborate effectively with cross-functional teams.
• Proficiency in risk assessment methodologies and tools.
• Experience with IT audit processes and procedures.
• Knowledge of other relevant laws and regulations such as GDPR, NYDFS Part 500, etc. is a plus.

Originally posted on Himalayas