Role Description

In this role as a Security Technical Program Manager (TPM) at GFiber, you will be responsible for developing the new vendor security assessment process. You'll use your technical expertise to lead complex, multi-disciplinary projects from start to finish, focusing on third-party information security. This will include defining security processes, developing risk metrics and implementing and operating a process to prioritize, monitor, remediate, or accept risk. You will collaborate with stakeholders throughout the business including senior management to develop, execute, and manage the project plans for the program.

In this role, you'll:

• Plan requirements with internal stakeholders and usher projects through the entire project lifecycle, including managing project schedules, identifying risks and clearly communicating them to project stakeholders
• Collaborate with team members and stakeholders to understand or identify defined work problems and program goals, obtain prioritized deliverables, and discuss program impact
• Define the scope of projects and develop, execute, and/or manage project plans for supported program(s)
• Review key metrics pertaining to a program, monitor potential metric deviations, and define corrective actions for critical deviations
• Identify, communicate, and collaborate with relevant stakeholders within one or more teams to drive impact and work toward mutual goals.

At a minimum we'd like you to have:

• Bachelor's degree in Information Security or related technical discipline, or equivalent experience
• 3+ years experience in program management
• Experience implementing risk management frameworks such as NIST RMF and performing cybersecurity or risk assessments such as NIST CSF, ISO 27001 using quantitative or semi-quantitative scoring models
• Experience in security engineering or consulting in vulnerability / incident management, security assessment

It's preferred if you have:

• Hands on experience conducting third risk party assessments and finding remediations based on program volumes or for highly visible and/or most complex requests
• Advanced knowledge of applicable federal and state laws, rules and regulations such as National Information of Standards and Technology (NIST), and International Standards Organization (ISO), ISO 27001/27002, PCI DSS, and other Information security requirements and frameworks
• A proven record of identifying gaps/weaknesses in an organization's security posture, assessing risk level, proposing practical treatment plans and control designs, and working closely with engineers to implement the plans while providing technical compliance guidance
• Demonstrated experience with verbal and written communication to present findings, alternatives, and information.
• Expert organization, planning, and time management ability

The US base salary range for this full-time position is $109,000-$160,000 + bonus + equity + benefits. Our salary ranges are determined by role, level, and location. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training. Your recruiter can share more about the specific salary range for your preferred location during the hiring process.