Information Security Manager (GRC)
Company: Bandwidth
Location: Raleigh
Posted on: March 18, 2023
Job Description:
Who We Are:
Bandwidth (NASDAQ: BAND) is a global communications software
company that helps enterprises connect people around the world with
cloud-ready voice, messaging and emergency services. Backed by a
network reaching 60+ countries covering 90 percent of global GDP,
companies like Cisco, Google, Microsoft, RingCentral, Uber and Zoom
use Bandwidth's APIs to easily embed communications into software
and applications. Bandwidth has more than 20 years in the
technology space and was the first Communications
Platform-as-a-Service (CPaaS) provider to offer a robust selection
of APIs built around our own global network. Our award-winning
support teams help businesses around the world solve complex
communications challenges every day.
At Bandwidth, your music matters when you are part of the BAND. We
celebrate differences and encourage BANDmates to be their authentic
selves. #jointheband
What We Are Looking For:
The Information Security GRC Manager core function serves in a
primary role as Manager and Technical Lead for
the design, configuration and implementation of the Information
Security ISMS/PIMS, the GRC supporting systems, tools,
integrations, and all related applications. Secondary focus
includes the administration, maintenance, and ongoing support of
the ISMS/PIMS, and all related GRC tools for completeness,
accuracy, effectiveness, and functionality. This role also assists
with risk management, security and privacy controls, ISMS/PIMS
requirements, policies, standards, baselines, guidelines, and
procedures as well as assisting security leadership with formal
risk/gap assessments including customer and prospect security
reviews. The GRC Manager is expected to have formal compliance
audit knowledge and experience, auditing experience of common
security controls for compliance needs, and to act in a supporting
role for security audits, leveraging the GRC systems and tools as
needed. Audit support also includes internal compliance audits,
reviews of users, access, roles, privileges, and permissions across
complex IT environments. In the GRC Manager role you are expected
to be aware of the enterprise's security and privacy goals as
established by the stated objectives, mission, policies,
procedures, and guidelines. You will actively work towards
achieving and upholding those goals for Bandwidth Inc. This role
will liaise with peers in security and IT as well as across all
technology departments.
What You'll Do:
- Plan, design, build, implement, and maintain the Security
ISMS/PIMS system(s).
- Plan, design, build, implement, and maintain the GRC systems,
tools, and apps that support the ISMS/PIMS.
- Serve as the Technical Lead for the Security ISMS/PIMS and GRC
systems, tools, and apps.
- Manage the risk assessment process of third-party vendors (VRM
Process).
- Help facilitate internal and external audits to support the
Security program and overall compliance needs.
- Participate on the Security IRT as needed for Incident
Management processing and support.
- Work across multiple teams to help drive reduction in risks,
gaps, and non-compliances.
- Mentor junior GRC and other Information Security roles/staff as
needed.
- Conduct internal audits to validate completeness and accuracy
of the ISMS/PIMS, and security program.
- Support internal audits of Contractual and Policy controls to
validate ISMS/PIMS effectiveness and compliance.
- Perform user access reviews (UARs) as needed for audits and
reporting on a recurring basis.
- Develop remediation/corrective actions driven by audit results
for compliance within the organization.
- Assist with information security and privacy awareness
training, educational material, and campaigns, and manage the related
records, KPIs, and metrics.
What You Need:
- Degree in IT or Information Security discipline or other
equivalent combination of education and/or sufficient work
experience that is focused on IT Security, Risk Management, Data
Protection or Compliance. Certifications are preferred and
welcomed, but not required for the role.
- Minimum 5 years in IT/Tech related roles, and 3+ years of
Information Security and audit experience.
- Proficient understanding and working knowledge of common
security standards and frameworks and the supporting systems and
tools that are required for achieving and maintaining effective
compliance.
- Experienced with operating industry standard Infosec GRC tools
and supporting systems.
- Knowledge of common cyber-security tools: GRC, SIEMs,
vulnerability scanners, SecOps, and AppSec.
- Knowledge of common AWS cloud security standards including
tools and supporting systems.
- Experience using Jira, Confluence, and ServiceNow.
- Understanding of IT systems, architecture, design, towards
common industry best practices.
- Strong analytical skills (logical/critical thinking) reviewing
reports, spotting trends, areas of concern, etc.
- Agile flexibility to move between work streams to help
accommodate changes and priorities.
- Critical thinking and a problem-solving mindset, with a propensity
toward designing effective remediations.
- Familiarity with Windows, Linux, and Mac operating systems.
Bonus Points:
- Formal security related certifications, degree, and/or
additional years of related work experience.
- IT Security compliance related auditing.
- ISMS/PIMS familiarity and use.
- Enterprise IT Security programs, systems, tools, and
applications.
- Designing and delivering employee security awareness
training.
- Business Continuity Plans and Disaster Recovery Plans.
- Cloud security and architecture and common cloud security
controls, especially AWS.
- General Security, IT, and Compliance Audits.
- Cloud Security and Compliance, prefer AWS.
- Security and Privacy standards and best practices.
- International security and privacy standards and regulations.
The Whole Person Promise:
At Bandwidth, we're pretty proud of our corporate culture, which is
rooted in our "Whole Person Promise." We promise all employees that
they can have meaningful work AND a full life, and we provide a
work environment geared toward enriching your body, mind, and
spirit. How do we do that? Well...
- 100% company-paid Medical, Vision, & Dental coverage for you
and your family with low deductibles and low out-of-pocket
expenses.
- All new hires receive four weeks of PTO.
- PTO Embargo. When you take time off (of any kind!) you're
embargoed from working. Bandmates and managers are not allowed to
interrupt your PTO - not even with email.
- Additional PTO can be earned throughout the year through
volunteer hours and Bandwidth challenges.
- "Mahalo moments" program grants additional time off for life's
most important moments like graduations, buying a first home,
getting married, wedding anniversaries (every five years), and the
birth of a grandchild.
- 90-Minute Workout Lunches and unlimited meetings with our very
own nutritionist.
Are you excited about the position and its responsibilities, but
not sure if you're 100% qualified? Do you feel you can work to help
us crush the mission? If you answered 'yes' to both of these
questions, we encourage you to apply! You won't want to miss the
opportunity to be a part of the BAND.