Spanx
Manager IT Security GRC
Spanx, Atlanta, Georgia, United States, 30383
Job Description
You’ll love it because you will…
Governance Framework Implementation:
Develop and implement information security governance frameworks that align with organizational objectives and compliance requirements.
Policy and Procedure Management:
Draft, review, and update information security policies, procedures, and guidelines to ensure they remain relevant and effective.
Risk Management:
Conduct regular information security risk assessments, identify vulnerabilities, and work with relevant stakeholders to implement mitigation strategies.
Compliance and Auditing:
Ensure the organization's compliance with legal, regulatory, and contractual information security requirements. Prepare for and support internal and external audits.
Training and Awareness:
Develop and deliver information security awareness training programs to employees and stakeholders to foster a security-conscious culture.
Incident Management:
Assist in the development and maintenance of the information security incident response plan. Participate in incident response activities and post-incident analyses.
Stakeholder Engagement:
Collaborate with IT, legal, and business units to ensure information security governance initiatives are understood and supported across the organization.
Continuous Improvement:
Monitor emerging security threats, technologies, and governance practices for continuous improvement of the information security governance framework.
Act as a thought partner, independently identify opportunities for process improvement, and effectively manage change.
Solicit feedback and buy-in from internal and external partners.
Qualifications:
We Require...
5+ years of relevant experience with a strong focus on governance, risk management, and compliance (GRC).
Bachelor's degree in Information Technology, Cybersecurity, Computer Science, or a related field.
Strong knowledge of information security and privacy frameworks and regulations such as ISO 27001/27002, NIST, and GDPR.
Robust knowledge of risk assessment methodologies, information security audits, and compliance assessments.
Proven success in implementing an information security program.
A highly detail-oriented individual.
The ability to leverage expertise to develop holistic business solutions.
The ability to identify and handle ambiguity in complex situations.
Independent prioritization and self-management.
Prior experience working cross-functionally.
Ability to simplify complex ideas.
Receptivity to feedback, and the ability to secure buy-in from internal and external partners.
A thought partner who can pinpoint opportunities for process improvement and effectively manage change.
A progressive thinker who offers experimental thought leadership.
Additional Information
Spanx is proud of our continued Progressive People Practices…
Company Healthcare Plan:
$0.00 out of pocket (Employee only benefit). Fertility testing and treatment are included in Spanx’s medical plans, even without the diagnosis of infertility.
Parental Leave Policy:
Primary caregiver receives 16 weeks AND will have the option to work a half-time schedule (20 hours per week) for up to four additional weeks with full-time (40 hours per week) pay.
Mental Health Days:
10 days.
401K:
Matched up to 4% with immediate vesting.
PTO & Company Holidays:
PLUS two full weeks of companywide closures (one in the Spring; one between Christmas and NYE).
Flex Friday:
Year-round half day Fridays!
All your information will be kept confidential according to EEO guidelines.