Information Security GRC Lead

Recruiter
Millennium Management LLC
Location
Miami
Salary
Competitive
Posted
25 Sep 2024
Closes
23 Oct 2024
Employer Sector
Technology, IT & Telecoms
Contract Type
Permanent
Hours
Full Time

Information Security GRC Lead

Securing Millennium's complex and robust technical environment from external and internal threats is a top priority. This individual will be responsible for the development and management of the Firm's Information Security Governance structure, which will include alignment to industry–standard risk and control frameworks and the requisite measurement and reporting to appropriate internal audiences.

In this role, you will develop a pragmatic approach to help the Firm manage information and Cybersecurity Risk and ensure that senior leadership is well informed of Millennium's position relative to emerging and evolving risk scenarios through both qualitative and quantitative measurement and reporting that is concise, informative, and written in the language of the business.

Other key activities will include working closely with the business to understand overall risk appetite, working with control owners to ensure all information and cybersecurity controls are effective through pragmatic measurement and reporting that will evolve in maturity over time, and evaluating and responding to regulatory inquiries across the range of geographies Millennium does business.

Principal Responsibilities
  • Develop and implement an Information and Cyber Security Governance Framework.
  • Conduct regular risk and control management meetings with a limited set of key stakeholders.
  • Engage with Regulator Affairs and Compliance functions within the Firm.
Qualifications/Skills Required
  • Bachelor's or Master's degree in Computer Science or Cyber Security.
  • 7+ years of experience in Information Security, preferably in the financial services industry.
  • Experience developing and leading an Information and Cybersecurity Governance program.
  • Proven knowledge of information security policies, standards, and governance controls in complex computing environments.
  • Experience implementing and using common EGRC technology solutions.
  • Information and cybersecurity risk management certifications (such as CGRC, CISM, CRISC) or equivalent experience required.
  • Knowledge of Machine Learning (ML), Artificial Intelligence (AI) / Large Language Models (LLMs) in the context of business adoption and risk.
  • Excellent written and verbal communication skills, with the ability to convey complex information simply and clearly to various groups within the organization.
  • Ability to work across multiple time zones in large global environments.
  • Information and cybersecurity certifications (such as Security+, OSCP, CISSP, CEH, GCIA, GCIH) is a plus.

The estimated base salary range for this position is $175,000 to $250,000, which is specific to New York and may change in the future. Millennium pays a total compensation package that includes a base salary, discretionary performance bonus, and a comprehensive benefits package. When finalizing an offer, we take into consideration an individual's experience level and the qualifications they bring to the role to formulate a competitive total compensation package.