Information Security Governance, Compliance, and Risk (GRC) Program Manager
Gibbs & Cox

Arlington, Virginia

Posted in Defence and Military


This job has expired.

Job Info


Join a team with EXCELLENCE, LOYALTY and INTEGRITY!

Gibbs & Cox is an independent engineering and design firm specializing in naval architecture, marine engineering, management support, and engineering consulting. The firm is headquartered in Arlington, Virginia with offices in New York City, New Orleans, LA, Newport News, VA, Chesapeake, VA, Philadelphia, PA, and Yarralumla, Australia. Gibbs & Cox is the largest independent and privately-owned Naval Architecture and Marine Engineering Firm in the United States, and has been serving government, commercial, and recreational markets worldwide since 1929. Our quality system is certified to ISO 9001:2015 for design, engineering, program management, and administrative services.

Gibbs & Cox is an EEO/An Affirmative Action M/F/D/V Employer

General Description:
We are seeking an experienced Information Technology (IT) / Information Security (IS) Governance, Risk, and Compliance (GRC) Program Manager to join our team.
This is a hands-on role where you'll be interfacing directly with all parts of the business, our clients, and our internal IT/IS teams. In this role, you'll have an opportunity to make a significant impact by expanding our compliance program as we continue to grow.
The ideal candidate has experience managing an enterprise GRC program anchored on US/USG/DoD policies and requirements, bridging communication with other departments, generating GRC requirements, managing implementation plans, and implementing solutions that are aligned with our company's objectives. A successful applicant will demonstrate the ability to ensure smooth, secure, and consistently updated GRC policies/programs within our rapidly growing organization.

As the IT/IS GRC Program Manager, you are responsible for implementing, maturing, and managing the entire IT/IS GRC program and ensuring that Gibbs & Cox meets the expectations of our clients and regulators. You will also work closely with senior leadership to develop technology policies; a focus on process and documentation is a key aspect of this role as we continue to grow technologically as a company.

Key Responsibilities:

  • Oversee all Governance, Risk, and Compliance (GRC) operations across several geographically distributed offices.
  • Create a clear and progressive company GRC roadmap to address all current and future IT/IS needs.
  • Execute, maintain, and expand our information security compliance program; mature our processes for managing security and compliance policies.
  • Own compliance policies and processes for data security and privacy (such as SOC 2, GDPR, ISO 27001, and potentially more).
  • Develop and oversee control systems to prevent or deal with violations of legal guidelines and internal policies.
  • Evaluate the efficiency of controls and improve them continuously.
  • Revise procedures, reports, etc. periodically to identify hidden risks or non-conformity issues.
  • Draft, modify, and implement company policies.
  • Interface with customers and sales prospects to address pre-sales security and compliance questionnaires, and attract customers by maintaining modern compliance programs.
  • Manage customer and internal audits.
  • Work with external auditors and coordinate audits internally.
  • Manage proactive customer communication regarding security issues.
  • Perform vendor risk assessments before and after onboarding new vendors.
  • Design and monitor controls and address violations and gaps.
  • Assess the business's future ventures to identify possible compliance risks.
  • Coordinate compliance work streams across all functional areas of Frame.io.
Minimum Skills Requirements:
  • Minimum of 5 years managing/leading/contributing to an enterprise GRC program.
  • Broad familiarity with International/US Government/DoD compliance frameworks such as GDPR, DFARS 7012/7019, CMMC, and ISO2700.
  • Experience with privacy laws and compliance frameworks
  • Experience in building internal audit and compliance teams
  • Strong experience in performing risk assessments (product, vendors etc.)
  • Experience interfacing with enterprise customers in a compliance role
  • Excellent knowledge of reporting procedures and record keeping
  • Excellent communication skills
  • Strong organizational skills and attention to detail

Education:
  • Bachelor's degree in a related field. Master's degree preferred.
Certifications:
  • CRISC/CISM/CISA

Technical Qualifications
  • Minimum of 5 years managing/leading/contributing to a successful enterprise GRC program.
  • Broad familiarity with International/US Government/DoD compliance frameworks such as GDPR, DFARS 7012/7019, CMMC, and ISO2700.
Required Personal Attributes:
  • Sound working knowledge of IT operations, systems, and developments.
  • Excellent communication and interpersonal skills.
  • Strong leadership and project management skills.
  • Strong analytical and problem-solving skills.
  • Sense of urgency, with the ability to work well under pressure.
  • Experience in a start-up and/or hyper-growth company.

Security Requirements:
Clearable to the DoD SECRET level

Active clearance preferred

