IT Security and Risk Compliance Manager

- Lead enterprise-wide cybersecurity risk assessments across various business units and IT domains - Maintain and ensure the accuracy of the enterprise risk register, regularly updated with stakeholder contributions - Collaborate with business and IT leaders to define corporate risk tolerance levels - Translate technical risk findings into practical and relevant business recommendations - Identify and escalate systemic risks that may significantly impact operations or compliance - Monitor industry trends, threat intelligence, and regulatory changes to adapt the risk posture accordingly - Deliver concise and timely risk reports and dashboards to senior leadership and governance bodies - Implement structured risk governance processes, including review cycles and escalation procedures - Enhance risk management efficiency through automated GRC tools and data analytics - Develop key performance indicators (KPIs) and key risk indicators (KRIs) for the security organization and maintain tactical and strategic dashboards - Oversee GRC team operations, allocating tasks, setting priorities, and ensuring effective collaboration - Foster a high-performing, collaborative team culture through coaching and development - Lead collaboration with IT and business leaders to identify critical applications, and conduct comprehensive business impact analyses - Create dependency mappings for crucial systems in conjunction with application and infrastructure teams - Document recovery procedures and lead exercises to test recovery plans with IT and business users - Identify gaps in the business continuity and disaster recovery (BC/DR) program and oversee remediation efforts - Partner with procurement and legal teams to mitigate supply chain risks through third-party risk management - Manage external vendor risk processes, from assessments to reviews, and continuously seek improvement - Escalate high-risk vendor concerns to leadership and collaborate on mitigation strategies - Own vendor incident response governance programs and ensure compliance with security requirements - Oversee internal and external audits and act as the primary liaison for the GRC function - Manage the policy lifecycle to ensure compliance with frameworks such as NIST and PCI DSS - Administer company-wide security training programs, assessing and addressing educational needs - Establish metrics to gauge the success of training initiatives and enhance the curriculum over time