ARCO a Family of Construction Companies
GRC Security Lead
ARCO a Family of Construction Companies, Saint Louis, Missouri, United States, 63146
ABOUT YOU: Do you have a passion for enabling business with secure, top-tier technology? Do you thrive in a fast-paced and ever-evolving environment? Then we have the next career move for you! Who are we? We are ARCO, a Family of Construction Companies.
The Governance, Risk, and Compliance (GRC) Security Lead is responsible for supporting the security direction of the business and elevating the company’s security posture. The role oversees the business’s security requirements and obligations mandated by standards and regulations. The GRC Security Lead assesses and validates the assurance of the security program and acts as a primary point of contact for auditors. The GRC Security Lead monitors progress and enforces resolution of outstanding issues that may lead to non-compliance or security threats to the business. The GRC Security Lead is also responsible for the design and maintenance of security policy. As a key member of the security team, the GRC Security Lead must focus on strong risk management and resiliency and not be driven solely by compliance.
WHAT WE CAN OFFER YOU: We are dedicated to the well-being of our associates and are proud to be consistently recognized as a Best Place to Work. Our compensation and benefits package not only supports our associates and their families but benefits local communities and communities around the world.
Industry-leading performance-based bonus program
100% company funded retirement contributions
Traditional and Roth 401k
Tuition reimbursement for associates
Scholarship for associates’ children up to $28,000 per child
1-month paid sabbatical after every five years of employment, plus $5,000 for travel
1-week paid volunteer leave each year
100% charitable match
Medical, dental, and vision insurance coverage
100% paid 12-week maternity leave
At ARCO, our first core value is to treat people fairly and do the right thing. We are committed to building and sustaining a culture that supports diversity and inclusion. We are proud to be an equal opportunity employer, and all qualified applicants will receive consideration for employment.
From recruiting, training, and hiring practices to selecting our subcontractors, we understand that diversity of all those involved in the construction process enhances our ability to deliver the best solutions to our customers. We hire the best and the brightest from across the country – constructing a team of experts in architecture, design, engineering, project management, and business services.
A DAY IN THE LIFE:
Maintain oversight and reporting for Governance, Risk, and Compliance activities
Identify strengths and weaknesses in the security program as they relate to privacy, security, business resiliency, and compliance frameworks
Document, formulate, and enforce areas of security improvement that balance risk with business operations and do not diminish efficiencies or innovation
Maintain oversight of third parties, vendors, and business partners to safeguard against undue risk presented by external entities. Escalate to security management and business leads when weaknesses are discovered
Monitor current and proposed security changes impacting regulatory, privacy and security industry best practice guidance
Define qualitative and quantitative metrics to assess the success of the security program and provide regular reports to leadership
Work with security and risk management leaders to perform ongoing security program assessments and create strategic technology directives
Attend and engage in change management and project management meetings
Oversee the business’s security requirements and obligations mandated by standards and regulations, including CMMC and NIST 800-171
Assess and validate the assurance of the security program as a primary point of contact for internal and external auditors
Monitor progress and enforce resolution of outstanding issues that may lead to non-compliance or security threats to the business
Focus on strong risk management and corporate resiliency and not be driven solely by compliance
NECESSARY QUALIFICATIONS:
5-8 years’ experience in cyber security as a practitioner, with at least 2-4 years’ exposure to various security frameworks
Strong business acumen and understanding of security technology, as well as a proven ability to align with security practices and compliance responsibilities, including but not limited to HIPAA, GDPR, CMMC, and NIST 800-171
Exceptional written and verbal communication skills, and proven ability to translate security and risk to all levels of the business
Working knowledge of technology such as cloud computing and application security as well as an up-to-date understanding of incident response, system configuration, vulnerability management, and hardening guidelines
Preferred experience with cloud environments such as Azure
Demonstrated problem-solving capabilities and ability to manage complex local and international security requirements
Self-motivated, directed, and well organized, with the vision to position controls in anticipation of threats