GRC Manager | Codersbrain

full-time
Posted on August 12, 2025

Job Description

GRC Manager

Company Overview

(Not specified)

Job Summary

The GRC Manager will oversee governance, risk management, and compliance processes within the organization. This role focuses on conducting assessments, supporting policy implementation, and ensuring adherence to relevant standards and frameworks.

Responsibilities

  • Participate in governance, risk, and compliance-related assessments and develop associated policies and procedures.
  • Conduct comprehensive security assessments based on ISO 27001:2022, NIST 800, NIST Cybersecurity Framework (CSF), PCI DSS, and HITRUST, including gap analysis and actionable risk recommendations.
  • Lead the development and execution of risk methodology and maintain updates for Governance, Risk and Compliance (GRC) assessments related to SOC1, SOC2, and other regulatory requirements.
  • Collaborate across different business environments to ensure audit readiness and address compliance needs.
  • Act as a consulting resource to business units, helping them understand and implement internal controls aligned with strategic initiatives and upcoming audits.
  • Liaise between GRC and internal/external audit entities, external customers, and government regulators.
  • Support business units in technology risk assessment, vendor management, and compliance-related informed decision-making.
  • Promote a performance-focused culture within the organization that enhances compliance and supports growth initiatives.
  • Coordinate, track, and report on divisional metrics and data-related activities to derive meaningful risk metrics and reports.

Qualifications

  • Educational Requirement: Bachelor’s degree in Computer Science, Information Technology, Risk Management, or related field.
  • Certifications: Two certifications are required; preferred certifications include Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), and Certified Information Systems Security Professional (CISSP).
  • 8+ years of combined experience in consulting, external audit, internal audit (both in-house and outsourced), and assurance services; experience with a Big 4 firm is required.
  • 8+ years of hands-on experience in designing and implementing technology controls in diverse environments, including auditing, risk assessments, and providing remediation recommendations.
  • 5+ years of hands-on experience in business process design, identity access management, data privacy, system development life cycle (SDLC), and incident response.
  • 8+ years of operational leadership experience in diverse industries such as consulting, financial services, insurance, and healthcare.
  • 8+ years of audit experience specifically focused on SOC1, SOC2, and regulatory compliance.
  • 8+ years of operational experience in accounting, HR, IT operations, and risk management.
  • Proven experience as a Subject Matter Expert (SME) in frameworks like COSO, ISO, NIST, PCI, HITRUST, and GDPR.

Preferred Skills

  • GRC Consulting, Risk Management, familiarity with GRC tools like Archer.
  • Understanding of SOC, vendor management in security services, and continuous improvement methodologies.

Experience

8 to 10 years of relevant experience in GRC and audit roles across various industries.

Environment

(Not specified)

Salary

(Not specified)

Growth Opportunities

(Not specified)

Benefits

(Not specified)