Manager, GRC Security

Here's a closer look at this key role:

• General
  • Mature the overall GRC strategy for the company, collaborating closely with other security team leaders, including LogicMonitor’s CISO
  • Manage a team of security GRC professionals to advance the overall program 
  • Collaborate with LogicMonitor’s Legal and Privacy team on common areas such as security controls for fulfilling privacy requirements
  • Program manage all GRC initiatives to achieve successful, timely completion, while working closely with stakeholders outside of the Information Security Team
  • Evolve LogicMonitor’s multi-year GRC strategy to embrace the company business strategy, market requirements, regulatory trends, industry trends, and the changing the threat landscape
  • Seek out and lead the operationalization of automation technologies to improve efficiencies and the program velocity, collaborating with other teams company-wide as appropriate.
  • Develop and operationalize metrics that quantify the effectiveness of the GRC program
• Compliance
  • Oversee the team’s progress on fulfilling technical and non-technical FedRAMP security controls
  • Oversee the completion of annual external audits and certification efforts, including SOC2 Type 2, ISO 27001/17/18, FedRAMP, Australian IRAP controls, and company investor compliance requirements
  • Oversee the operationalization of an effective and comprehensive internal audit function to ensure satisfactory annual external audit results
  • Collaborate with other teams to collect security artifacts, manage deviations and exceptions, and improve processes to ensure an effective compliance program
  • Manage the team to ensure timely addressing of any non-conformity findings and corrections, including documentation and technical tasks
• Risk management: 
  • Oversee the execution and continuous improvement of cybersecurity risk management framework, processes, procedures, and activities.
  • Oversee the benchmarking of risk management processes and dashboards with peer companies
  • Help socialize the risk management program and processes to key company stakeholders
  • Work with senior leaders to establish and improve integration of risk management processes into strategic planning processes
  • Cultivate strong working relationships with risk owners to ensure proper risk management program buy-in and accountability
  • Monitor the completeness of company initiatives and their impact to related cybersecurity risks
  • Collaborate with other security team leaders on advancing the company’s third party risk management program
• Governance:
  • Oversee IT system security consultation within cloud-based and on-premises environments in accordance with NIST SP 800-53, 800-37, ISO, and PCI.
  • Support the team’s development of System Security Plans, Continuous Monitoring, Plan of Action and Milestones, Security Controls Assessment, Risk Exposure and FIPS 199 categorization in accordance with NIST requirements.
  • Support the CISO and the Infosec Program through proposed improvements around policy creation and content, maintenance, exception handling, enforcement, and metrics analysis