Location: New York City, NY (on-site)
Compensation: $175,000 - $250,000 base salary, plus annual bonus and comprehensive benefits package.
Glocomms is partnered with a leading global alternative investment management firm seeking an experienced Information Security/GRC Lead to spearhead its Governance, Risk, and Compliance (GRC) initiatives. This role will be critical in safeguarding the firm’s information assets by evaluating and incorporating both qualitative and quantitative risk measurements, and by developing and managing a robust cybersecurity framework that aligns with industry standards and regulatory requirements.
The Information Security/GRC Lead will:
- Develop and implement a comprehensive Information Security Governance Framework that aligns with industry standards and best practices.
- Identify, assess, and manage cybersecurity risks, ensuring that the firm’s risk posture is aligned with its overall risk appetite.
- Oversee risk and control management activities, ensuring that information security controls are effective and evolving in response to emerging threats.
- Collaborate with Regulatory Affairs and Compliance teams to address regulatory inquiries and ensure compliance with applicable laws and regulations across all jurisdictions.
- Implement and manage EGRC (Enterprise Governance, Risk, and Compliance) technology solutions to enhance the effectiveness and efficiency of the GRC program.
- Work closely with control owners and business units to ensure that security practices are integrated into business processes and that security controls support business objectives.
- Evaluate the impact of emerging technologies such as Machine Learning (ML), Artificial Intelligence (AI), and Large Language Models (LLMs) on the firm’s security posture.
- Communicate complex security concepts and risk assessments clearly and effectively to senior leadership and other stakeholders across the organization.
Qualifications:
- Bachelor’s or Master’s degree in Computer Science, Cyber Security, or a related field.
- Minimum of 7 years of experience in Information Security, particularly in the financial services industry.
- GRC/risk management certifications such as CGRC, CISM, or CRISC are required; relevant cybersecurity certifications such as Security+, OSCP, CISSP, CEH, GCIA, or GCIH are highly desirable.
- Extensive knowledge of information security policies, standards, and governance controls in complex, global environments.
- Familiarity with EGRC technology solutions is a plus.
- Strong written and verbal communication skills, with the ability to work across multiple time zones in a global environment.
The base salary for this position ranges from $175,000 to $250,000, commensurate with experience and qualifications. The total compensation package includes an annual bonus and a comprehensive benefits package.