Cyber Security Manager of Governance, Risk & Compliance at Alvarez & Marsal Holdings, LLC

Posted in Consultant 18 days ago.

This job brought to you by eQuest

Type: Full-Time
Location: New York, New York

Job Description:

Cyber Security Manager of Governance, Risk, Compliance


Job Description

The Manager of Governance, Risk, Compliance will be responsible for supporting the evolution (implementation, and daily activities) of the GRC function within A&M’s Global Security Office.  This role will be focused on the continuous improvement the firms’ security governance model through framework alignment, controls definition and assessment, maturation of risk processes, compliance with contractual/regulatory requirements, and third-party vendor management.      


  • Support the development and maintenance of security plans, policies, procedures, standards, and guidelines aligned to ISO27001 and NIST. 

  • Support and enhance the firm’s Heightened Security Process which entails working with business stakeholders globally to ensure appropriate security measures are in place at the engagement level.

  • Respond to, and mature the process of handling external client security assessments, RFP/RFI’s.  Coordinate responses to client questionnaires by working with internal stakeholders across disciplines.

  • Manage, mature, and execute on the process of third-party vendor diligence.  Laisse with business stakeholders to identify global suppliers, evaluate risk, and perform assessments. 

  • Manage activities pertaining to risk; execute a risk strategy inclusive of identification, categorization and prioritization, the development and maintenance of the register, and associated activities.

  • Define and perform internal control assessments (e.g. ISO27001, HIPAA) to identify opportunities for improvement and drive the development of action plans with stakeholders.    

  • Working with Legal, review contractual security provisions for alignment with firm controls.  Identify compliance requirements and define controls that can be used to meet those requirements.

  • Implement and maintain GRC tools to improve efficacy and provide visibility.


  • 5+ security governance, risk, and compliance experience or related.

  • Experience as an ISO27001 practitioner, assessor, or certified auditor a plus.

  • Broad understanding of cyber security concepts and risks.

  • Strong familiarity with industry frameworks such as ISO standards, NIST, and SOC reports.

  • Working knowledge of common audit and compliance tools.  Experience with a Governance/Risk/Compliance (GRC) platform required.

  • Experience with security policy, standards, and controls definition.

  • Hands-on experience performing and evaluating risk assessments.

  • Demonstrable knowledge in the management of third-party suppliers.

  • Strong analytical thinking, written, and oral communication skills.

  • Ability to drive responsibilities independently, while serving as a valued team member in the greater context. 


  • Bachelor Degree – preferably in Information Security, Computer Science or related area.

  • Industry recognized certification in security (e.g. CISSP, CISA, CEH, CRISC).

Voluntary Inclusion

It is Alvarez & Marsal’s policy to provide and promote equal opportunity in employment, compensation, and other terms and conditions of employment without discrimination because of race, color, sex, sexual orientation, family medical history or genetic information, political affiliation, military service, pregnancy, marital status, family status, religion, national origin, age or disability or any other non-merit based factor in accordance with all applicable laws and regulations.

Unsolicited Resumes from Third-Party Recruiters

Please note that as per A&M policy, we do not accept unsolicited resumes from third-party recruiters unless such recruiters were engaged to provide candidates for a specified opening. Any employment agency, person or entity that submits an unsolicited resume does so with the understanding that A&M will have the right to hire that applicant at its discretion without any fee owed to the submitting employment agency, person or entity.