3 days ago

Security and GRC Manager

RemoteHunter

Hybrid
Full Time
$140,000

Job Overview

Job Title: Security and GRC Manager
Job Type: Full Time
Category: Commerce
Experience: 5 Years
Degree: Master
Offered Salary: $140,000
Location: Hybrid

Job Description

About the Opportunity

RemoteHunter is seeking a Security and GRC Manager to lead Security, Governance, Risk, and Compliance (GRC) alongside IT endpoint management. This pivotal role involves the comprehensive management and implementation of security policies, conducting thorough third-party vendor assessments, executing robust incident management protocols, responding diligently to compliance and regulatory questionnaires, and performing crucial internal IT security audits. Additionally, the Security and GRC Manager will be responsible for overseeing endpoint security and administration, ensuring a secure and compliant operational environment.

Responsibilities

  • Ensure the security and safety of all business information, both at rest and in transit.
  • Collaborate with Policy and Compliance teams to maintain IT networks and systems, adhering to government and contractual requirements.
  • Partner with engineering and DevOps teams on secure architecture design and implementation.
  • Work closely with Compliance and Legal teams on critical regulatory requirements.
  • Manage vulnerability reviews, coordinate internal and external scans and audits, and ensure timely remediation of identified issues.
  • Oversee infrastructure security and network enhancements in accordance with IT policy.
  • Analyze security breaches, identify root causes, and implement effective mitigations.
  • Participate in architecture reviews and provide essential security approvals.
  • Manage security incident policies and execute comprehensive response plans.
  • Provide quarterly security assessment reviews to stakeholders.
  • Conduct all third-party vendor security assessments.
  • Manage and maintain perimeter defense systems, including firewalls and VPN tunnels.
  • Maintain and administer security awareness training programs for all employees.
  • Lead certification efforts for SOC 2 and SOX ITGC audits.
  • Collaborate cross-functionally to consistently meet all security requirements.

Requirements

  • Minimum of 2 years of people management experience.
  • Extensive experience configuring and securing Linux and Windows endpoints and environments.
  • Proven experience securing AWS, GCP, and other cloud infrastructures.
  • Familiarity with Entra ID, Google Workspace, and IAM management.
  • Experience with endpoint VPN, OS patching, and third-party patch management.
  • Demonstrated skills in forensic investigations of network intrusions and data breaches.
  • In-depth knowledge of GDPR, SOC 2, NIST, SOX ITGC, CCPA, and other consumer protection laws.
  • Experience leading SOC 2 and SOX ITGC certification audits.
  • Experience managing firewalls, including AWS, GCP security groups, and Fortinet.
  • Experience working with third-party vendors and offshore teams.
  • Proficiency with the Jira ticketing system.
  • Bachelor’s degree in Computer Science or a related field.
  • 5+ years of experience in Cybersecurity, GRC, Endpoint Management, and DevOps security.

Preferred Qualifications

  • Certified Information Systems Security Professional (CISSP).
  • Certified Ethical Hacker (CEH) certification.
  • Experience with NIST and ISO 27001 security frameworks.
  • Experience in FinTech or Cryptocurrency sectors.

Benefits & Perks

  • 401K matching.
  • Health benefits with company contribution toward premiums.
  • Paid wellness membership.
  • Equity offerings.
  • Paid time off and holidays.
  • Annual in-person team building events.
  • Virtual team building events.
  • Remote-first working environment.

Key Skills and Competencies

  • Security Governance
  • Risk Management
  • Compliance Auditing
  • Cloud Security (AWS, GCP)
  • Endpoint Management
  • Incident Response
  • Third-Party Vendor Assessment
  • Cybersecurity Policies
  • SOC 2 / SOX ITGC
  • Data Protection Laws (GDPR, CCPA)

Tags:

Security Manager
GRC
Compliance
Risk Management
Cybersecurity
Incident Response
Endpoint Management
Vendor Assessment
Auditing
Policy Management
Cloud Security
AWS
GCP
Linux
Windows
Entra ID
Google Workspace
IAM
Fortinet
Jira
NIST
SOC 2
SOX ITGC
GDPR
CCPA
ISO 27001

How to Get Hired at RemoteHunter

  • Research RemoteHunter's culture: Study their mission, values, recent news, and employee testimonials on LinkedIn and Glassdoor.
  • Customize your resume: Highlight extensive GRC, cloud security, and people management experience.
  • Showcase relevant certifications: Emphasize CISSP, CEH, and familiarity with NIST/ISO 27001 frameworks.
  • Prepare for technical discussions: Be ready to detail your experience with AWS/GCP security, incident forensics, and compliance audits.
  • Demonstrate collaborative leadership: Share examples of partnering with engineering, DevOps, legal, and offshore teams.
