ZipRecruiter - Minneapolis, MN
posted 23 days ago
Full-time - Mid Level
Remote - Minneapolis, MN
About the position
The Information Security Governance & Compliance Manager at Messerli Kramer plays a crucial role in overseeing the firm's Information Security and Governance program. This position is responsible for risk-based activities, including the design, development, and implementation of information security policies, procedures, and standards. The manager will monitor compliance with internal policies and external regulations, assess risks, and enhance governance practices to ensure the firm meets industry standards and client requirements.
Responsibilities
- Perform security assessments to determine effectiveness of implemented security controls.
- Assess the security posture of systems throughout their life cycle.
- Lead efforts to counter security breaches and anticipate and reduce future security alerts, incidents, and disasters.
- Assist management in identifying risks and actions to monitor, remediate & report via the risk register.
- Lead and review third party and supplier risk management programs and assessments based on each firm division requirements.
- Implement and support security compliance mandates from client contractual agreements.
- Write reports and provide insights on the efficacy of current security policies, incident responses, disaster recovery plans, and other security-related information.
- Assist with Insurance renewal applications specific to required security controls and questionnaires.
- Manage and facilitate the IT team's responses to security questionnaire and security audit reviews received from client oversight programs.
- Manage and monitor internal self-audit program.
- Monitor and manage response to the vulnerability management program.
- Monitor and enforce information security policies.
- Assist with outside audit and certification activities including management of security questionnaires.
- Advise on content section in established computer security education and awareness programs and design and conduct training ad hoc computer security education.
- Apply contemporary business principles integral to a high-tech organization.
- Assist with IT vendor management and partner with vendor IT360 and other managed services partners.
- Assist IT Management to identify security initiatives and the security budgeting process.
- Solve business and technology challenges.
Requirements
- 3+ years' experience in information security policy, security authorization, audit, and technical practice.
- Experience working in a regulated environment or legal experience.
- Experience in GLBA, PCI and SOC compliance environments.
- Familiarity with NIST SP 800 series, ISO/IEC 27000 series, and similar standards.
- B.S. or equivalent in Computer Science, Information Science & Technology, or related field.
- CISSP, CISA, or CISM certification. Other information security certifications highly desired.
- Excellent verbal and written communication skills.
- Ability to work in a high-stress environment.
- Detail oriented with strong organizational and prioritization skills.
Nice-to-haves
- Experience in a legal environment.
- Knowledge of contemporary business principles in high-tech organizations.
Benefits
- Flexible hybrid work environment.
- Competitive salary with an annual discretionary bonus based on company results.
- Comprehensive benefits package including medical (High Deductible and PPO Plan options), dental, vision, life, and 401k retirement benefits.
- 401K employer contribution.
- Employer HSA health savings account contribution.
- Transit and/or monthly parking reimbursement.
- Onsite gym.
