The Associate Director/Manager, IT Governance, Risk, and Compliance (GRC) works within the Information Security Office to support the Director of IT GRC in developing and managing the GRC Program. In particular, this position supports the IT Governance program by managing the IT control framework, IT policies and procedures, and the alignment of third-party contracts with internal governance requirements and capabilities. The role oversees and executes these activities with direct management responsibility for one to three staff members. Remote work is available.
DUTIES AND RESPONSIBILITIES
Support and manage the enterprise IT control framework, and work with IT stakeholders on the corresponding policies, procedures, and standards.
Monitor regulatory and internal requirements and ensure they are socialized and appropriately included in policy updates where needed.
Work with cross-functional teams to develop and implement security standards, policies, and response practices for continuous improvement of the security program.
Work with cross-functional teams to interpret security measures and ensure they comply with applicable policies.
Periodically represent the information security program during contract negotiations.
Perform contract agreement reviews to ensure that our Information Security and IT programs meet or exceed third-party expectations.
Develop and maintain strong business and technology relationships.
Liaise with other internal regulatory subject matter experts, such as Legal, Privacy, and Internal Audit, as needed to ensure technology controls align with regulatory, policy, and industry-standard requirements.
Help ensure technology controls are aligned with both regulatory requirements and critical business needs.
Communicate effectively across multiple levels.
JOB QUALIFICATIONS / REQUIRED SKILLS:
Bachelor's degree in business, technology, or a related field required; graduate degree preferred.
Certifications in one or more of the following areas preferred: CISSP, CISA, CISM, CRISC.
7-10 years in Information Security, IT Audit/Governance/Risk/Compliance, or a similar role. At least 3-4 years of management experience preferred.
Strong knowledge of information security governance, risk, and compliance programs.
Strong understanding of, and experience with, requirements in regulated IT environments; familiarity with GxP, HIPAA, SOX, and SSAE 18 requirements is a plus.
Solid understanding of security, privacy, IT audit, and legal security concepts, standards, guidelines, and principles.
Proven project management and organizational skills, specifically managing multiple concurrent projects and a multi-faceted workload.
Strong analytical background and technical skills with the ability to apply regulatory requirements to IT operational and technical controls.
Demonstrated leadership skills, with the ability to communicate effectively and collaborate within a virtual team.
Strong interpersonal, verbal, and written communication skills.
Excellent conceptual and critical thinking skills and sound judgment, with a strategic orientation and the ability to perform tactically as required.
Ability to work independently and as part of a team.