GRC Lead

About the role

Fortis Games is hiring for a GRC Lead to help build, manage, execute, and track the end to end processes in the following areas: vulnerability management, cyber data governance, risk and verification, cyber awareness and training, and cyber policy/standards/standard operating procedures development. This role will focus on delivering on our IT and InfoSec portfolios to service our company.

What you will do

• Develop the program(s) to support the governance of our IT and InfoSec Risk and Compliance programs in the following disciplines:
• Vulnerability management which includes tracking the triage and remediation of scans of the Fortis computing environment for secure configurations and vulnerabilities as well as tracking and performing the exception processes
• Cyber governance, risk and verification which performs risk assessments, system security and industrial control system zone security plans including listing controls, gaps in implemented controls and tracking remediation of gaps, and provides input to the risk register
• Third party risk management including risk assessment of vendors and or applications. Identify risks and create treatment plans for the assessment.
• Cyber security awareness and training which includes creating and delivering cyber awareness training based on role and rank within the organization, and arranging and tracking cyber team member information security training and role progression. Conducts Simulated Phishing campaigns quarterly for all Fortis team members.
• Cyber & IT policy/standard and standard operating procedure creation, review, distribution, and maintenance
• Collection and reporting of metrics to IT and InfoSec Leadership
• Act as a liaison for all audits of our controls, best practices, and standards.

What you will need to be successful

• 3 years of experience in a Cyber Security role
• 1+ years of experience of related field work in an Information Technology role
• 1+ years of experience using OneTrust (or similar) platform
• Demonstrated management experience in at least one area in the following list:
• Cyber Vulnerability Management
• Cyber Governance and Risk
• Cyber Awareness and Training
• Cyber Policy/Standard/Standard Operating Procedures
• Working knowledge of threats and vulnerabilities and their significance to cyber risk
• Working knowledge of NIST 800-53, ISO 27001, CIS Benchmarks, SOX Compliance, GDPR, and familiarity with SOC 1 and 2 reports.
• Excellent verbal and written communication skills are crucial for conveying technical information to non-technical stakeholders, facilitating meetings, and maintaining effective communication within distributed global teams.
• Experience working with internal and external partners and vendors to achieve goals on aggressive timelines
• Self motivated and proactive with demonstrated creative and critical thinking skills
• Comfortable with ambiguity