
Department: Information Security

Reports To: The CISO

Job Overview:

The Security Governance, Risk & Compliance Manager will be responsible for defining, implementing & leading a GRC function within the CISO office. The manager will create the security risk strategy & provide cyber governance & risk management oversight; establish & manage the security policy framework & related standards; & oversee applicable security, privacy, contractual & compliance requirements (e.g. SOC 2, MRC (Media Rating Council) accreditation, ISO 27001, GDPR, CCPA, NIST, DPAs & local privacy laws) through strategy development, controls definition & assessment, & process oversight.

Responsibilities & Duties:

  • Directly responsible for the policies, procedures & controls that ensure compliance with applicable regulatory, legal & audit requirements as well as good business practice
  • Develop & manage an information security risk management program, including the development & evaluation of, & adherence to, multiple areas of practice
  • Develop a risk strategy that identifies & classifies risks, defines appropriate risk tolerances, prioritizes mitigation activities, & measures risk levels using the CMMI cyber maturity model & the NIST Cybersecurity Framework (CSF)
  • Establish & oversee a formal risk analysis & self-assessment program covering information services, systems, processes & recognized industry standards
  • Identify, assess, manage & track remediation of risks related to IT infrastructure, applications, platforms & suppliers, & drive explicit remediation requirements & timelines in all environments
  • Develop strong relationships with external audit & key stakeholders to ensure risk management oversight is understood, managed appropriately & current with all standards, guidelines, & regulations that are applicable to DoubleVerify
  • Liaise with all DV departments to identify, track & provide remediation guidance for new projects, services and/or third-party contracts in terms of information security assurance
  • Oversee highest risk initiatives & serve as a point of escalation for remediation/mitigation efforts
  • Develop the security compliance strategy & approach, & ensure compliance with MRC, SOC 2, ISO 27001, CCPA, GDPR, local privacy laws, contractual requirements & globally recognized standards & guidelines
  • Establish & oversee formal vulnerability management, penetration testing & security posture assessment programs
  • Identify regulatory, legislative & industry-specific compliance requirements & define the controls used to meet them
  • Oversee third-party assessment standards & privileged user monitoring as a check on access to critical systems
  • Act as privacy & compliance officer, serving as the intake point for security-related inquiries & coordinating with subject matter experts
  • Build out & maintain the GRC tools & processes within information security to provide visibility & transparency

Qualifications & Skills:

  • 10+ years of experience in information technology, including 5+ years in security governance, risk & compliance management
  • 5+ years of progressive information security work experience
  • Prior experience with security policy, standards, & controls definition
  • Strong knowledge of current & emerging cyber security risks, & innovative risk management methods & solutions
  • Ability to collaboratively develop a risk strategy in conjunction with stakeholders
  • Strong analytical thinking, written, & oral communication & presentation skills
  • Demonstrated knowledge of industry authoritative sources such as COBIT, NIST, SOC 2, GDPR, MRC, CCPA & ISO standards
  • Must have the ability to influence others & work at all management levels across the organizational structure
  • Broad understanding of security & privacy concepts
  • Experience working in an international/global organization
  • Skilled at planning & tracking plans, working across departments to review processes & controls, & gathering & organizing documentation & test results
  • Able to understand contracts & technical documentation & assess them for consistency & alignment with the processes & controls outlined in requirements & audit materials
  • Bachelor's degree in computer science or a related field
  • Industry-recognized security certification (e.g. CISSP, CISA, CISM, CEH)
  • Experience with MRC accreditation & a deep understanding of the online advertising industry & ad platforms (networks, DSPs, ATDs, SSPs, exchanges)
© 2020 GarysGuide