 
 
 
JOB DETAILS
 

Company: DoubleVerify

Role: Governance, Risk, & Compliance Specialist

Department: Information Security

Type: Full Time

Job Overview: 

The Governance, Risk, & Compliance specialist will be an essential contributor to the GRC function at DoubleVerify. This role will develop, implement & maintain GRC systems & processes, assess information risk, maintain policies, track the information security program & be a strong advocate for effectively managing risk, enhancing internal controls, & ensuring compliance.

 Responsibilities & Duties:

  • Develop & maintain policies, standards, procedures, & controls to assure compliance with applicable regulatory, legal, & audit requirements as well as good business practice.
  • Assess risk & compliance for various information services, systems, processes, & recognized industry standards.
  • Identify, manage, & track remediation of risks related to IT infrastructure, applications, platforms, & suppliers.
  • Liaise with DV departments & support risk assessment & remediation requirements.
  • Evaluate security compliance for various frameworks.
  • Ensure that essential control activities are being appropriately administered & are operating effectively.
  • Identify regulatory, legislative, & industry-specific compliance requirements; define & monitor controls that address those requirements.
  • Serve as the intake on security-related inquiries & coordinate with subject matter experts.
  • Contribute to the build-out, enhancement, & maintenance of the GRC system for key processes including controls management, audits, policy maintenance, incident response, business continuity, & third-party risk.
  • Evaluate vendor security risk in the onboarding process, as well as the ongoing monitoring of service providers' security.
  • Review service provider control attestations & ensure that applicable DV control requirements are sufficiently met.
  • Manage DV's standard public security profile & control repository.
  • Support customer-facing teams in presenting DV's security posture & controls to external entities.
  • Maintain the automated system for the periodic recertification of user access & manage the process to ensure its successful execution.
  • Work with security & risk solution vendors to enhance DV's implementations & help design & connect system interfaces to data exchanges across systems.
  • Manage security & risk-related projects using industry-standard project management methodologies.
  • Coordinate external audit relationships, activities, & DV delivery requirements.
  • Manage the collection & reporting of security & risk performance metrics.
  • Support security training & testing campaigns with innovative solutions to improve security awareness across the organization.

Qualifications:

  • 5+ years' experience in information technology; 3+ in information security, IT audit, governance, risk, or compliance management.
  • Currently holding or working towards achieving an industry-recognized certification in information security, IT audit, or related area.
  • Prior experience with security policy, standards, & controls definition.
  • Strong knowledge of current & emerging cybersecurity risks, & innovative risk management methods & solutions.
  • Background in performing risk assessments & audits.
  • Experience with & knowledge of regulatory frameworks, e.g., SOC2, NIST, COBIT, & ISO 27001.
  • Experience successfully managing complex projects.
  • Ability to collaboratively develop risk management strategies in conjunction with stakeholders.
  • Strong analytical thinking, written & oral communication, & presentation skills.
  • Must have the ability to influence others & work at all management levels across the organizational structure.
  • Broad understanding of security compliance & privacy concepts.
  • Skilled at process mapping, flowcharting, & MS-Office/G-Suite tools.
  • Adept at working across departmental areas to understand business & technical processes & controls & assess their effectiveness.
  • Ability to design control processes, identify operational performance gaps, & offer practical solutions to remediate control issues.
  • Passionate commitment to information security & delivering practical solutions to information risk.
  • Bachelor's degree or higher in Computer Science or related field, or equivalent technical experience.
 
 
 
 
 
 
 
 
© 2021 GarysGuide