Role: Governance, Risk, & Compliance Specialist
Department: Information Security
Type: Full Time
The Governance, Risk, & Compliance specialist will be an essential contributor to the GRC function at DoubleVerify. This role will develop, implement & maintain GRC systems & processes, assess information risk, maintain policies, track the information security program & be a strong advocate for effectively managing risk, enhancing internal controls, & ensuring compliance.
Responsibilities & Duties:
- Develop & maintain policies, standards, procedures, & controls to assure compliance with applicable regulatory, legal, & audit requirements as well as good business practice.
- Assess risk & compliance for various information services, systems, processes, & recognized industry standards.
- Identify, manage, & track remediation of risks related to IT infrastructure, applications, platforms, & suppliers.
- Liaise with DV departments & support risk assessment & remediation requirements.
- Evaluate security compliance for various frameworks.
- Ensure that essential control activities are being appropriately administered & are operating effectively.
- Identify regulatory, legislative, & industry-specific compliance requirements; define & monitor controls that address those requirements.
- Serve as the intake for security-related inquiries & coordinate with subject matter experts.
- Contribute to the build-out, enhancement, & maintenance of the GRC system for key processes including controls management, audits, policy maintenance, incident response, business continuity, & third-party risk.
- Evaluate vendor security risk in the onboarding process, as well as the ongoing monitoring of service providers' security.
- Review service provider control attestations & ensure that applicable DV control requirements are sufficiently met.
- Manage DV's standard public security profile & control repository.
- Support customer-facing teams in presenting DV's security posture & controls to external entities.
- Maintain the automated system for the periodic recertification of user access & manage the process to ensure its successful execution.
- Work with security & risk solution vendors to enhance DV's implementations & help design & connect system interfaces to data exchanges across systems.
- Manage security & risk-related projects using industry-standard project management methodologies.
- Coordinate external audit relationships, activities, & DV delivery requirements.
- Manage the collection & reporting of security & risk performance metrics.
- Support security training & testing campaigns with innovative solutions to improve security awareness across the organization.
Qualifications & Requirements:
- 5+ years' experience in information technology; 3+ in information security, IT audit, governance, risk, or compliance management.
- Currently holding or working towards achieving an industry-recognized certification in information security, IT audit, or related area.
- Prior experience with security policy, standards, & controls definition.
- Strong knowledge of current & emerging cybersecurity risks, & innovative risk management methods & solutions.
- Background in performing risk assessments & audits.
- Experience with & knowledge of regulatory frameworks, e.g., SOC 2, NIST, COBIT, & ISO 27001.
- Experience successfully managing complex projects.
- Ability to collaboratively develop risk management strategies in conjunction with stakeholders.
- Strong analytical thinking, written & oral communication, & presentation skills.
- Must have the ability to influence others & work at all management levels across the organizational structure.
- Broad understanding of security compliance & privacy concepts.
- Skilled at process mapping, flowcharting, & MS-Office/G-Suite tools.
- Adept at working across departmental areas to understand business & technical processes & controls & assess their effectiveness.
- Ability to design control processes, identify operational performance gaps, & offer practical solutions to remediate control issues.
- Passionate commitment to information security & delivering practical solutions to information risk.
- Bachelor's degree or higher in Computer Science or a related field, or equivalent technical experience.