A prestigious company is searching for a Security GRC Manager. This will be a hands-on manager who manages two other people. They will support the third-party security vendor management program and will manage SOC 2 reporting. They need strong experience with security frameworks such as ISO 27001, NIST, SOC 2, and SIG. The client would like someone with 7+ years of IT security experience as well as 4+ years of leadership and management experience.

Responsibilities:
* Program management: Lead the GRC program roadmap, status reporting on initiatives, metrics, and delivery of the program services.
* Policy management: Lead the creation and maintenance of security policies, standards, processes, and guidelines. Evaluate exception requests and make approval recommendations to management.
* Security training and awareness: Lead and mature the security awareness and phishing program. This includes roadmap development and planning, coordinating, measuring, and evaluating cyber training/education courses, methods, and techniques based on instructional needs.
* Program assessments: Manage and support the third-party security vendor risk management program, SOC 2 reporting and ISO 27001 certification, and assessments or security requests from clients.
* Risk management: Manage control testing, issues management (findings, remediation plans, and exception requests), the risk register, and reporting.
* Governance: Analyze and stay current with regulations that impact the information security/privacy program.

Qualifications
* Bachelor's degree is preferred.
* Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
* Seven (7)+ years of direct experience (Information Security/Governance) is required.
* Four (4)+ years of Information Security experience is required. Candidates with hands-on technical experience are preferred.
* Four (4)+ years of management experience is required.
* Strong knowledge of security frameworks and technologies such as ISO 27001, NIST, SOC 2, and SIG is required.
* Strong knowledge of risk management principles and practices is required.
* Technical writing experience is required.
* Business Intelligence/Analytics (Qlik, Tableau) is preferred.
* Prior IT security experience in the legal industry is preferred.
* Experience with instructional content, educational writing, and technical writing is strongly preferred.
* Three (3)+ years of experience managing timelines and being self-directed is preferred.
* Governance, Risk, and Compliance (GRC) tool management is preferred.
* Client focus, including tact and diplomacy, is required.
* Ability to interview subject-matter experts and gather and understand content from them.
* Ability to perform as primary Security Subject Matter Expert (SME) in a senior or lead capacity.
* Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation.
* Ability to independently complete, and assist in completing, client security questionnaires and security assessments concerning the Firm's security program and controls.
* Ability to communicate an effective security awareness message throughout the organization.
* Demonstrated ability to create and maintain security policy, standard, guideline, and procedure documents.
* Demonstrated ability to effectively communicate deeply technical topics at an appropriate level of detail to varied audiences, including IT subject matter experts, senior management, and non-technical users.
* Additional skills mapped to Knowledge, Skills, and Abilities (KSAs) based on NIST SP 800-181.

Technologies/Software
* Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options.
* Strong knowledge of security administration and role-based security controls.
* Strong knowledge and use of GRC platforms.
* Strong knowledge of Access/Identity Management technologies.
* Strong knowledge of BI/Analytics tools.
* Knowledge of host- and network-based anti-malware technologies.
* Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote.
* Knowledge of client and server firewalling technologies and capabilities.
* Knowledge of security event management (SIEM), event correlation, and analysis technologies.
* Knowledge of data encryption technologies.
* Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities.
* Knowledge of web filtering and email spam prevention techniques.
* Knowledge of vulnerability assessment and forensic investigation tools.
* Knowledge of mobile device security and Mobile Device Management solutions.