Imagine the future you could help us build.
Teamwork, not just tech work. We are tech futurists and business geniuses. Together, we solve problems to make daily life easier. We are looking for a few more great minds to join our team as we continue to grow one of the world's leading consumer robot companies.
Together, we empower people to do more.
We are looking for an Enterprise Security GRC (Governance, Risk Management, and Compliance) Manager. This is a hands-on operational role that will work closely with various IT and business teams to implement the security roadmap and operational objectives. The position reports directly to the Director, Enterprise Information Security and is located in Bedford, MA.
* Manage security governance, strategy, planning and execution of internal governance controls and related processes in alignment with global regulations and company policies
* Define and document Information Security Management System (ISMS)
* Serve as the Enterprise Security Liaison for all risk and audit related activities
* Develop key performance and risk metrics across the Information Security program to enrich management reporting
* Perform internal audits (and manage relationships with Dir. IA and Dir. Privacy)
* Obtain and maintain ISO 27001 and other compliance certifications
* Continuously assess program risk against relevant framework(s) such as CIS 20 and NIST CSF
* Support a modern Security Awareness and Training program for all employees
* Work closely with IAM, Vulnerability Management, and Cyber Defense teams and technologies
* Support the third-party vendor risk management program
* Perform other duties of the Enterprise Security team as assigned by the Director, Enterprise Information Security
* Expertise in quantitative and qualitative information security risk management
* 10+ years of experience
* Demonstrated experience with cyber security and risk management standards such as the ISO 27000 series, NIST RMF and CMF, and CIS Top 20
* Strong background in program and project management with a demonstrated record of delivering high-visibility projects on-time and within budget
* Experience in setting up and running an internal audit function
* In-depth knowledge of regulatory environment (SOX, HIPAA, PCI, GDPR, data privacy, and other regulations) with strong working knowledge of pertinent laws
* Ability to communicate well with both technology and business leaders
* Experience applying enterprise risk management principles to suppliers and other third-parties
* Ability to work with technical teams to make risk management actionable and to operationalize mitigations in the real world
* Demonstrated experience managing IT security risk in both on-premises and cloud (IaaS, PaaS, SaaS) environments
* Trustworthy with high standards of personal integrity (demonstrated by an unblemished career history, complete lack of criminal convictions, etc.) and willing to undergo vetting and/or personality assessments to verify this if necessary
* CISSP, CISM, CISA or other industry-recognized security certifications are a plus
* Bachelor's in Computer Science, Business Administration, Information Systems, or a related field preferred
iRobot is an American technology company that designs and builds behavior-based AI robots.