Black & Veatch Corporation
Senior Cyber Risk & Compliance Manager
Black & Veatch Corporation, Overland Park, Kansas, United States, 66213
Together, we own our company, our future, and our shared success.
As an employee-owned company, our people are Black & Veatch. We put them at the center of everything we do and empower them to grow, explore new possibilities and use their diverse talents and perspectives to solve humanity's biggest challenges in an ever-evolving world. With over 100 years of innovation in sustainable infrastructure and our expertise in engineering, procurement, consulting and construction, together we are building a world of difference.
Company :
Black & Veatch Corporation
Req Id :
105398
Opportunity Type :
Staff
Relocation eligible :
No
Full time/Part time :
Full-Time
Project Only Hire :
No
Visa Sponsorship Available:
No
Why Black and Veatch
Recognized by Glassdoor as a 2023 Top 100 place to work, Black & Veatch allows you to lend your talent and perspective to humanity’s biggest challenges in a flexible environment where you are empowered to grow and explore new possibilities. We offer competitive compensation, 401K match and benefits that start day 1. Our hybrid environment allows you to balance your work and personal life.
At Black & Veatch, you own your career with purpose and meaning. You are empowered to grow and explore new possibilities at every step of your career journey. Bring your big ideas knowing you are safe to be who you are and speak up with concerns or questions and put your diverse talents and perspectives to use.
The Opportunity
The Senior Cyber Risk & Compliance Manager will be responsible for establishing and maintaining the Governance, Risk and Compliance (GRC) and Privacy Program. In this role, the Compliance Manager will have the opportunity to develop and maintain policies, standards, security baselines, the risk framework and treatment strategy, the compliance framework, and privacy policies and procedures, as well as build and measure KRI and KPI metrics for compliance. Additionally, the Compliance Manager will plan and perform risk assessments, working directly with technical and business stakeholders to identify appropriate risk factors, assess the adequacy of existing controls, and assist with and drive remediation of control weaknesses so that compliance requirements are maintained.
Key Responsibilities
Develop, implement, mature and champion risk management framework and processes to manage risk and control activities including risk identification, measurement, prioritization, and mitigation
Develop, evangelize and execute the GRC strategy and roadmap through effective prioritization of critical controls and initiatives
Develop and maintain the policies, standards and procedures lifecycle, document processes, risks, exceptions, issues & action plan
Establish and collaborate on risk treatment strategies, risk tolerance and risk appetite with business stakeholders
Proactively and consistently manage BV’s critical compliance frameworks, including Security Controls Framework, SOC2 Type 2, CMMC, ISO 27001, NIST CSF, GDPR, etc.
Lead and manage internal and external audits, such as scope definition, audit readiness, control domain walkthroughs, evidence collection and documentation
Proactively conduct risk assessments through continuous monitoring and working with control and process owners to identify ways to mitigate risks and improve security posture
Continuously monitor and evaluate third party risk, through vendor risk assessments and independent security reviews
Analyze and assess the current and future risk and compliance landscape, providing realistic and pragmatic risk assessments to evolve and mature the security and compliance program
Evolve and lead user behavior programs including annual security awareness training, awareness campaigns in partnership with communications team, and conduct phishing simulation and remedial training
Develop and maintain GRC tools and platform to monitor and manage risks across the organization, including risk assessment workflows, risk & control dashboard, operating effectiveness of controls, risk metrics, and remediation status
Review and negotiate contracts and third-party agreements for security and compliance obligations and for risk treatment decisions
Establish and facilitate Cyber risk and Privacy committees to provide a comprehensive view of cyber risk and privacy issues for governance and compliance
Develop and implement privacy policies and privacy controls, and oversee ongoing compliance of privacy requests, including DSARs, cookie consent, privacy notices, DPIAs, ROPAs, etc.
Manage and respond to Client security questionnaires and report on risk management issues to the business for prioritization and remediation
Work closely with legal, finance, risk management, D&IT and other departments to integrate GRC practices into all aspects of the business
Perform other duties as assigned
Management Responsibilities
Acts in the capacity of a "lead person." Does not have management responsibility for the people to whom they provide work direction.
Preferred Qualifications
Bachelor’s degree in information security or Computer Science or related field
Minimum 7 years of overall experience in Cyber Security with a focus on GRC, IT Audit, Risk Assessments & Privacy
Must have 3 years of experience in GRC, CMMC compliance, ISO 27001 compliance and SOC2 Type 2 attestation process
At least one certification such as CISSP, CISM, CISA, CRISC, CIPP
Demonstrated experience applying security and risk frameworks, regulations, and privacy such as NIST CSF/800-53/800-171, NERC CIP, CIS, CMMC, SOC2, GDPR, etc.
Experience in developing security policies and standards, risk assessments, third party risk programs, risk management, risk registries, regulatory compliance, security awareness training and testing, security metrics, privacy, and other relevant GRC areas
Knowledge of key U.S. and international privacy laws and regulations, including GDPR, CASL and CCPA, and willingness to learn and stay updated on privacy requirements
Experience in Risk & Control Assessment, IT audit, Supplier Risk Management, Vulnerability management, IAM and Security Architecture
Highly motivated individual with the ability to self-start, prioritize and multi-task, and with a "can-do" attitude
Knowledge of current threats and regulatory best practices in Cyber Security and OT security
Ability to communicate and work effectively with others, harness different skills and experience, and build a strong sense of team spirit
Action- and results-oriented with the ability to overcome obstacles, and able to work well under deadlines in a changing environment
Ability to adjust quickly to shifting priorities, and decision-making skills with limited information
Excellent verbal communication and interpersonal skills to document and communicate findings and escalate critical findings to stakeholders
Minimum Qualifications
All applicants must be able to complete pre-employment onboarding requirements (if selected), which may include any/all of the following: criminal/civil background check, drug screen, and motor vehicle records search, in compliance with any applicable laws and regulations.
Work Environment/Physical Demands
Normal office environment with a hybrid work schedule: 3 days in office and 2 days remote
Salary Plan
ITS: Information Technology Service
Job Grade
007