Information Security Governance Risk and Compliance Manager

| Greater NYC Area

Department: Information Security

Reports To: The CISO

Job Overview: 

The security governance, risk, and compliance manager will be responsible for defining, implementing and leading a GRC function in the CISO office. He will create the security risk strategy and provide cyber governance and risk management oversight; establishing and managing the security policy framework and relevant standards; overseeing applicable security, privacy, contractual and compliance requirements (i.e. SOC2, MRC, ISO27001, GDPR, CCPA, NIST, DPAs and local privacy laws) through strategy development, controls definition and assessment and process oversight.


Responsibilities and Duties:

  • Directly responsible for policies, procedures and controls to assure compliance with applicable regulatory, legal and audit requirements as well as good business practices
  • Develop and manage an information security risk management program including development, evaluation, and adherence to multiple areas of practice
  • Develop a risk strategy that identifies and classifies risks, defines appropriate tolerances, prioritizes mitigation activities, and measures risk levels using the CMMI Cyber Maturity/NIST CSF Framework
  • Establish and oversee formal risk analysis and self-assessments program for various information services, systems, processes and recognized industry standards
  • Identify, assess, manage, and track remediation of risks related to IT infrastructure, applications, platforms and suppliers and drive explicit requirements and timelines in all environments
  • Develop strong relationships with external audit and key stakeholders to ensure risk management oversight is understood, managed appropriately and current with all standards, guidelines, and regulations that are applicable to DoubleVerify
  • Liaise with all DV departments to identify, track and provide remediation guidance for new projects, services and/or third-party contracts in terms of information security assurance
  • Oversee highest risk initiatives and serve as a point of escalation for remediation/mitigation efforts
  • Develop security compliance strategy and approach and ensure compliance with MRC, SOC2, ISO27001, CCPA, GDPR, local privacy laws, contractual requirements and globally-recognized standards and guidelines
  • Establish and oversee formal vulnerability management, penetration testing and security posture assessment programs
  • Identify regulatory, legislative, and industry specific compliance requirements and define controls that can be used to meet those requirements
  • Oversee third party assessment standards and privileged user monitoring as a check on critical system access
  • Act as privacy and compliance officer and serves as the intake on security related inquiries and coordinating with subject matter experts
  • Build out and maintain current GRC tools and processes within information security to provide visibility and transparency

Qualifications:

  • 10+ years’ experience in information technology; 5+ in a security governance, risk, and compliance management experience
  • 5+ years of progressive information security work experience
  • Prior experience with security policy, standards, and controls definition
  • Strong knowledge of current and emerging cyber security risks, and innovative risk management methods and solutions
  • Ability to collaboratively develop a risk strategy in conjunction with stakeholders
  • Strong analytical thinking, written, and oral communication and presentation skills
  • Demonstrated knowledge of industry authoritative sources such as COBIT, NIST, SOC2, GDPR, MRC, CCPA and ISO standards.
  • Must have the ability to influence others and work at all management levels across the organizational structure
  • Broad understanding of security and privacy concepts
  • Experience working in an international/global organization
  • Skilled at planning, tracking plans, working cross department to review processes and controls, gathering and organizing documentation and test results
  • Able to understand contracts and technical documentation and is able to assess it for consistency and alignment with processes and controls outlined in requirements and audit materials
  • Education – Bachelor’s degree in computer science or related area
  • Industry recognized certification in security (e.g., CISSP, CISA, CISM, CEH, etc.) 
  • Experience with MRC accreditation and deep understanding of the online advertising industry and ad platforms (networks, DSPs, ATDs, SSPs, Exchanges)
Read Full Job Description

Technology we use

  • Engineering
    • .NETLanguages
    • C#Languages
    • JavaLanguages
    • JavascriptLanguages
    • PythonLanguages
    • RLanguages
    • ScalaLanguages
    • SqlLanguages
    • ReactLibraries
    • Twitter BootstrapLibraries
    • AngularJSFrameworks
    • HadoopFrameworks
    • Node.jsFrameworks
    • SparkFrameworks
    • HiveDatabases
    • Microsoft SQL ServerDatabases
    • MongoDBDatabases
    • VerticaDatabases
    • HadoopDatabases

Location

DoubleVerify is located in the neighborhood of Soho New York. This neighborhood is full of great places to grab lunch or shop.

What are DoubleVerify Perks + Benefits

DoubleVerify Benefits Overview

Our employees enjoy perks & benefits, some of which are global and some are locally adjusted:

-Tuition reimbursement -Health & fitness reimbursement
-401(k) matching -Comprehensive medical coverage
-Free lunch & breakfast -Fully stocked break rooms
-Commuter benefits -Unlimited days off (US)
-Annual summer outings -Weekly perks like massages & yoga
-Monthly happy hours -Company outings and events

Culture
Friends outside of work
Eat lunch together
Daily stand up
Open door policy
Team owned deliverables
Team based strategic planning
Group brainstorming sessions
Pair programming
Open office floor plan
Health Insurance & Wellness Benefits
Flexible Spending Account (FSA)
Disability Insurance
Dental Benefits
Vision Benefits
Health Insurance Benefits
Acme's health insurance policy covers up to 2% of out of pocket expenses.
Life Insurance
Wellness Programs
Team workouts
Child Care & Parental Leave Benefits
Generous Parental Leave
We provide up to 16 weeks of parental leave for the primary caretaker. Acme Co. also provides 4 weeks of leave for the secondary caretaker.
Family Medical Leave
Company sponsored family events
Acme co. sponsors family oriented events Semi-annually.
Vacation & Time Off Benefits
Unlimited Vacation Policy
Perks & Discounts
Beer on Tap
Casual Dress
Commuter Benefits
Company Outings
Acme Co. hosts company outings Monthly.
Free Daily Meals
We provide free breakfast on Friday. Employees get free lunch on Wednesday.
Stocked Kitchen
Happy Hours
Happy hours are hosted Once per month.
Fitness Subsidies
Professional Development Benefits
Job Training & Conferences
Acme Co. offers employees professional development opportunities like Annual individual budget for training, Onsite training courses.
Tuition Reimbursement
Lunch and learns
Acme Co. hosts lunch and learn meetings on occasion.
Time allotted for learning
Online course subscriptions available
More Jobs at DoubleVerify41 open jobs
All Jobs
Finance
Data + Analytics
Dev + Engineer
Marketing
Operations
Product
Project Mgmt
Sales
Project Mgmt
new
New York
Data + Analytics
new
New York
Developer
new
New York
Marketing
new
New York
Data + Analytics
new
New York
Data + Analytics
new
New York
Product
new
New York
Finance
new
New York
Data + Analytics
new
New York
Data + Analytics
new
New York
Sales
new
New York
Data + Analytics
new
New York
Product
new
New York
Developer
new
New York
Data + Analytics
new
New York
Product
new
New York
Developer
new
New York
Developer
new
New York
Data + Analytics
new
New York
Operations
new
New York