APi Group is a global, market-leading business services provider of safety and specialty services in over 500 locations in approximately 20 countries. We have a winning culture driven by entrepreneurial business leaders to deliver innovative solutions for our customers.

At APi Group, the mission is clear: We Build Great Leaders. We believe that everyone at APi is a Leader, and one of our core pillars of success is our distinct leadership development culture. We provide internal and cross-functional development programs across our businesses. Our culture of investing in leadership development at all levels of the organization has created an empowered, entrepreneurial atmosphere that facilitates organizational sharing of knowledge and best practices and enables the development of cross-brand solutions and innovation.

We are currently seeking a Governance, Risk & Compliance Lead. In this role, you will lead the Governance, Risk & Compliance (GRC) pillar of APi Group’s global Information Security program. The GRC pillar is a crucial component of APi Group’s security capabilities and is focused on overseeing APi’s cybersecurity framework, strategic alignment to business objectives, control implementation and risk mitigation, third-party risk management, information protection and governance strategies, and Cyber Safety awareness. This leadership role provides an opportunity to directly influence our ongoing global security strategy and roadmap.

Responsibilities:  

  • Develop and align security policies, standards, and procedures with security best practices, regulations, and security frameworks, such as NIST CSF, NIST 800-171, CIS Controls, DoD CMMC, and ISO/IEC 27001.
  • Communicate and champion the Cyber Safety Awareness program, including improving the “human firewall”.
  • Build and report on security policy violations; provide training to ensure violations do not recur.
  • Create and oversee APi Group’s Vendor Risk Management and Third-Party Risk Management programs.
  • Lead the cyber risk management capability, including risk acceptance and risk exceptions.
  • Establish the metrics and reporting framework for leadership, executives, and board around key metrics, residual risk, along with key and emerging risks.
  • Collaborate with staff to discuss computer data access needs, identify security threats and violations, and identify and recommend needed programming or process changes.
  • Partner with the Data Governance committee along with Legal, Internal Audit, and Data Privacy teams.
  • Develop and maintain the security policy violations process; ensure reports are reviewed and validated, and provide training so that violations do not recur.
  • Establish processes to ensure security audits are performed to confirm proper security measures are in place and effective.
  • Champion Data Governance and Data Privacy strategy and initiatives.
  • Closely collaborate with Security Program Leads and global security teams to ensure aligned strategy.
  • Build and maintain GRC-focused vendor relationships.
  • Provide training, mentoring and guidance to team members and IT partners.
  • Maintain a working knowledge of applicable compliance and privacy drivers (SOX, GDPR, CMMC, CCPA, etc.).
  • Other related duties as assigned.

Qualifications and Competencies: 

  • Five to ten years of risk management, audit, information technology, or information security experience, with at least five years of security- or audit-related experience.
  • Bachelor's degree in related field or equivalent combination of education and experience.
  • Experience with GRC tools and processes for risk management, tracking, and assessment delivery.
  • Knowledge of information security risk management frameworks and compliance practices, including NIST CSF, DoD CMMC, CIS Controls, and NIST SP 800-171.
  • Experience with implementation and oversight of digital operational risk, tracking findings, and executing remediation activities.
  • Detail oriented self-starter with strong conceptual, analytical, decision making, planning, time management, communication, and prioritization skills.
  • A technical understanding of IT networks, server administration, and IT applications.
  • Thorough understanding of computer-related security systems such as firewalls, encryption, and password protection and authentication.
  • Ability to create constructive relationships, influence, and communicate to IT, engineering & business audiences at all levels, to drive a risk-aware and security-minded culture that aligns with business processes and initiatives.
  • Impeccable confidentiality, attention to detail, and self-organization.
  • Self-directed and motivated with a positive and willing attitude.
APi Group provides competitive compensation and benefits that support the total well-being of you and your family, as well as providing formal learning and development opportunities to continue building great leaders. This position is not eligible for sponsorship.

APi Group is committed to complying with all laws prohibiting discrimination in employment and to providing equal employment opportunity to applicants and employees without discrimination on the basis of sex/gender, age, disability, race, color, ethnicity, religion, creed, national origin, military/veteran status, or other protected characteristics as defined by local, state, and federal law. In keeping with this commitment, APi Group will provide reasonable accommodations in the application process to otherwise qualified applicants with a disability. Applicants who wish to request a reasonable accommodation of disability in connection with the application process should contact Employee Services at 651-604-2882 or email EmployeeServices@apigroupinc.us.