What are the responsibilities and job description for the Governance Risk and Compliance Manager position at Source Technology?
Governance, Risk, and Compliance (GRC) Manager
Onsite for the first 3 months, then hybrid
12 month rolling contract
Job Summary
The GRC Manager develops and oversees governance, risk, and compliance programs, ensuring adherence to regulations and corporate standards. This role collaborates with cross-functional teams, senior leadership, and external auditors to align GRC initiatives with business objectives.
Key Responsibilities
- Governance: Establish and maintain policies, security control frameworks, and reporting processes aligned with industry standards and regulations (NIST, ISO 27001, HIPAA).
- Risk Management: Identify, assess, and mitigate enterprise risks, including information security, data privacy, and regulatory compliance. Oversee risk assessments and third-party risk management.
- Compliance: Ensure adherence to regulations (HIPAA, GDPR, PCI DSS, SOX), manage audits, track security training, and oversee remediation efforts.
- Incident Response: Develop and maintain incident response plans, analyze incidents for trends, and ensure regulatory compliance in security matters.
- Collaboration: Work with IT, Legal, HR, and Procurement to meet GRC objectives, manage vendor risks, and report to senior leadership.
Qualifications
Required:
- Bachelor's degree in Information Security, Business, or a related field.
- 5 years in GRC roles, preferably in regulated industries (e.g., healthcare).
- Expertise in GRC frameworks and regulations (NIST, ISO 27001, HIPAA, PCI DSS).
- Experience with risk assessments, audits, and GRC implementations.
- Strong project management and communication skills.
Preferred:
- Master's degree in a relevant field.
- Certifications: CGRC, CISA, CISSP, CRISC, CISM.
Key Competencies
Strategic thinking, risk assessment, leadership, analytical mindset, and strong communication skills.