Job Description
Introduction to arenaflex arenaflex is a leading private industry player that values innovation, security, and compliance. As a forward-thinking organization, we are committed to protecting our assets and ensuring the highest standards of cybersecurity. Our team of experts is dedicated to guiding GRC-related activities, managing internal security compliance requirements, and implementing regulations, tactics, and frameworks to safeguard our operations. We are now seeking an experienced Cyber Protection and Compliance Specialist to and contribute to our mission of delivering exceptional security and compliance solutions.
About the Role
The Cyber Protection and Compliance Specialist will play a critical role in guiding GRC-related activities, managing internal security compliance requirements, and implementing regulations, tactics, and frameworks to safeguard our operations. This is an exciting opportunity for a seasoned professional to and make a significant impact on our cybersecurity posture. As a key member of our team, you will be responsible for assisting in the development and implementation of our third-party/internal risk management software, managing internal security compliance requirements, and ensuring the effective execution of various tasks within the team.
Key Responsibilities Third-party/internal risk management (TPRM) software development and implementation Assist in the development and implementation of our global third-party/internal risk method for conducting cyber risk-related due diligence exams Validate incoming third-party/internal risk assessment requests, working with business stakeholders to confirm the details of the request and the scope of the engagement Conduct kick-off sessions with business stakeholders and related third-parties for conducting the TPA Coordinate the distribution of due diligence questionnaires to internal stakeholders/third-parties, review submitted questionnaires for completeness, and identify risks arising from the current design and operational effectiveness of the internal/third-party's security controls File responses, associated findings, and remediation plans in our systems Draft/review reports for the checks performed and ensure respective business stakeholders finalize reviews Act as a strong liaison to ensure any queries are responded to concerning the risk control technique and evaluation to the business or third-parties as required Perform continuous monitoring of third-parties via our systems for current/new findings and track any findings to closure Identify opportunities for improvement within our systems and strategies Work closely with the risk lead/supervisor to schedule and execute a range of different supporting activities related to the risk management program Governance, Risk, and Compliance
The successful candidate will also be responsible for leading and supporting the development of cybersecurity risk and compliance-related strategies to ensure the treatment of cybersecurity risk consistent with the organization's risk appetite.
This will include maintaining and documenting compliance towards information security-related guidelines and processes through planning, testing, remediating, monitoring, and reporting on control reviews and risk assessments. Competencies and Attributes for Success To be successful in this role, you will possess: Outstanding stakeholder management skills A working understanding of information security-related best practices and requirements, including ISO 2700x, SOC 2 requirements, SSAE 16/18 requirements, and others Experience in the management of risk, controls, and compliance Knowledge of risk evaluation methodologies – qualitative/quantitative Superior analytical and problem-solving abilities Excellent presentation-making and delivery skills Strong interpersonal skills Ability to navigate rapid-paced environments and be flexible with working hours Fantastic communication skills, both verbal and written Ability to adapt quickly to changing conditions and drive high-quality change Preferred Education and Experience
The ideal candidate will possess: A relevant Bachelor's/Master's degree from an accredited university or equivalent experience At least 4 years of experience in third-party risk management, information security, and audit & compliance tracking (minimum of 2-3 years in TPRM/internal audit) Preferred experience with a large company and/or large four accounting firm One or more credentials - CISA, CRISC, ISO27001 L.
/LI, CISSP Experience in AI/ML is a plus
Career Growth Opportunities and Learning Benefits At arenaflex, we are committed to the growth and development of our employees. As a Cyber Protection and Compliance Specialist, you will have access to a range of training and development opportunities, including:
Professional certifications and training programs Mentorship and coaching from experienced professionals Opportunities for career advancement and progression A collaborative and dynamic work environment that encourages innovation and creativity Work Environment and Company Culture arenaflex is a dynamic and innovative organization that values its employees and offers a range of benefits, including: A competitive salary and benefits package A flexible and remote work environment A collaborative and dynamic team culture Opportunities for professional growth and development A commitment to diversity, equity, and inclusion
Compensation, Perks, and Benefits As a Cyber Protection and Compliance Specialist at arenaflex, you can expect a competitive salary and benefits package, including: A salary range of $80,000 per year A range of benefits, including health insurance, retirement savings, and paid time off A flexible and remote work environment Opportunities for professional growth and development A collaborative and dynamic team culture Conclusion If you are a motivated and experienced cybersecurity professional looking for a new challenge, we encourage you to apply for this exciting opportunity.
As a Cyber Protection and Compliance Specialist at arenaflex, you will have the opportunity to work with a dynamic and innovative team, develop your skills and expertise, and contribute to the growth and success of our organization. Don't miss out on this opportunity to and take your career to the next level. to become a part of our team and help us shape the future of cybersecurity and compliance.