GRC Compliance Specialist

at Marcum LLP in Deerfield, Illinois, United States

Job Description

Marcum LLP offers a great career with exceptional benefits.

There's a lot to think about when it comes to launching your career. At Marcum, we offer you a world of opportunity, a highly competitive salary, exceptional benefits, flexible work options, and industry-leading technology, all within an environment that values your contributions and supports your professional growth.

At Marcum, eligible associates receive a benefits package that includes health, dental, and vision insurance, short and long-term disability insurance, life insurance, flexible spending accounts, and transit benefits, as well as paid time off, a 401(k) plan with an employer contribution, and a profit sharing plan.

Marcum LLP is seeking a GRC Compliance Specialist to join the Governance, Risk and Compliance (GRC) team in the internal IT department and be part of the Vendor Management (VM) GRC program. The GRC Compliance Specialist must have at least 5 years of experience in building and assessing vendor risk, reviewing security questionnaires, and following up with vendors on security questions raised by their responses.

Visa Sponsorship is not available for this job opportunity.

The Governance, Risk, and Compliance (GRC) Specialist is a key role within the organization responsible for developing, implementing, and maintaining policies and procedures that ensure the company adheres to industry standards. The GRC Specialist will collaborate with various departments to ensure that compliance is integrated into all aspects of the company's operations, thereby enhancing the overall governance framework. Additionally, the specialist will facilitate audits and assessments, manage compliance documentation, and provide training and support to ensure that all staff understand and can effectively apply GRC principles.

Position Summary: The GRC Specialist is responsible for assessing, managing, and mitigating risks associated with third-party vendors and service providers, and for implementing security best practices, policies, and controls through a repeatable process. This role involves conducting thorough security evaluations of potential and existing vendors, running regular security awareness training and phishing simulation campaigns, designing and implementing KPIs and KRIs, and enhancing internal policies and procedures.

Requirements:
Minimum of 5 years of experience in information security, with a focus on third-party/vendor risk management.
Strong understanding of information security principles, frameworks (e.g., NIST, ISO 27001, SOC 2 Type 2), and regulations (e.g., GDPR, HIPAA).
Experience with risk assessment methodologies and tools.
Excellent analytical and critical thinking skills, with the ability to manage complex projects.
Proficient communication skills, both written and verbal, with the ability to explain technical concepts to non-technical stakeholders.
Detail-oriented with strong organizational skills.
Ability to work independently as well as collaboratively within a team environment.
Bachelor's degree in Information Technology, Cybersecurity, or a related field, or equivalent work experience.

Preferred Requirements:
Relevant professional certifications, such as CISM, CRISC, or CISA.

Job Responsibilities:
Enhance existing security policies, controls and procedures and conduct annual policy recertifications.
Help operationalize the GRC tool and identify areas for improvement.
Develop and maintain a vendor risk management framework and supporting documentation.
Conduct detailed risk assessments, identify potential security risks associated with third-party vendors by reviewing and analyzing security policies, controls, and procedures.
Get to know the business side by meeting with business owners and vendors, and identify opportunities to make vendor management easier.
Collaborate with Legal and other departments to ensure that security requirements are included in contracts and service level agreements (SLAs).
Collaborate and coordinate with other Security groups, IT Operations, and other teams on audits, assessments and GRC control recommendations.
Monitor and evaluate changes in vendor services or operations that may impact the organization's security posture.
Provide guidance and recommendations to internal stakeholders regarding security risks and controls.
Publish information on external vulnerabilities and threats and collaborate with other teams on them. Stay current with industry best practices, regulatory requirements, and emerging threats related to third-party engagements.
Maintain the security awareness program, compliance programs, and the risk register.
Generate KPIs and KRIs for the security... For full info follow application link.

Marcum LLP is an Equal Opportunity Employer

Marcum LLP does not discriminate on the basis of race, ancestry, national origin, color, religion, gender, gender identity, age, marital status, sexual orientation, disability, veteran status, or any other protected classification under the law.

Job Posting: 11832686

Posted On: Apr 15, 2024

Updated On: Apr 26, 2024