Job Summary:

The GRC Program Manager has oversight responsibility for Information Technology (IT) security risk and controls for Information Technology and business processes. This role will develop and maintain policies, processes and procedures for IT, coordinating with other departments for enterprise-wide policies, processes and procedures.

Essential Job Functions:

  • Develop, implement, and maintain the information security program, risk and controls function.
  • Collaborate and drive business and cyber risk program alignment across the enterprise, innovate and institute change to manage risk.
  • Assist with the implementation and ongoing support for all security measures necessary to ensure Personally Identifiable Information (PII) is secure and all business requirements and applicable State and Federal regulations are met.
  • Manage enterprise wide data governance framework, with a focus on improvement of organizational policies and standards, principles, governance metrics, processes, related tools and data architecture.
  • Plan, execute, and manage multiple projects to budget, completing audits and business process control reviews.
  • Review and test company-wide IT Security & Controls processes to assess business risks, controls, and the overall effectiveness.
  • Develop and execute project and vendor risk assessments, recommend risk mitigation techniques, and identify opportunities for security and control improvements.
  • Maintain active communication with project teams and vendors, managing expectations and ensuring adherence to policies.
  • Work with and support leadership and team members to achieve goals of the IT Security and Controls team.
  • Act as the key contact for clients' Governance, Risk Management and Compliance (GRC) team.
  • Work with IT to complete audits, updating Component Assessments as needed.
  • Create and update content for compliance and privacy training, facilitating sessions for employees and contractors as needed.
  • Stay current on the ever-changing information security and privacy landscape, ensuring all policies and controls are relevant.

Minimum Qualifications and Job Requirements:

  • Multi-disciplined experience within an IT environment (7+ years).
  • Information security, privacy and information protection leadership experience (5 years).
  • IT Security & Controls policy and compliance enforcement experience.
  • Experience successfully scoping, planning and driving technology development projects.
  • Experience creating and enforcing security policies for the Enterprise and our Suppliers.
  • ISO information security experience is a plus.
  • Audit experience

Skills, Knowledge, and Abilities:

  • Proactively problem-solve and multitask while maintaining composure and attention to detail.
  • Follow-through mindset to uphold a ‘close the loop’ culture.
  • A positive approach to serving customers and providing exceptional customer service.
  • Ability to demonstrate good judgment, high ethics and project a professional image.
  • Ability to work independently and as a collaborative team member with a positive ‘can do’ attitude.
  • The drive to identify and seize opportunities for continuous improvement as business needs change.
  • Excellent organization, flexibility and time management skills and the ability to work in a dynamic, deadline-driven environment.
  • Exceptional interpersonal and business communication skills (written, verbal, listening).
  • Proficient in Microsoft Office skills (Word, Excel, and PowerPoint).