What are the responsibilities and job description for the Governance Risk Compliance & Privacy Manager position at Utility, Inc.?
Position Summary
Reporting to the VP of IT, Security, and Compliance, the Governance Risk Compliance (GRC) & Privacy Manager is responsible for managing risks related to information security, privacy, and regulatory compliance within the organization. This role involves developing and implementing policies, assessing risks, ensuring compliance with industry standards and regulations, and implementing control measures to mitigate risks. Key responsibilities include conducting risk assessments, developing risk mitigation strategies, monitoring compliance with frameworks such as ISO 27001, GDPR, NIST, and FedRamp conducting vendor risk assessments, and collaborating with different departments to manage risks and ensure compliance. The GRC & Privacy Manager also creates and maintains information security standards, conducts gap analyses, and prepares for regulatory examinations.
Working Conditions: Regular office/hybrid environment.
Essential Duties And Responsibilities
This role requires the employee to maintain a stationary and upright position consistently. Employees must be able to move frequently within an office environment to utilize office machinery and other resources. The employee should be able to communicate information and concepts consistently and effectively for mutual understanding, including conveying precise details during these interactions. For accurate task execution, it is essential that the employee consistently maintains consistent specific vision abilities, especially the capability to discern close-up details within a few feet of the observer. Seldom does this role entail the transportation of items weighing up to 15 pounds to meet various demands.
Note
This job description in no way states or implies that these are the only duties to be performed by the employee(s) incumbent in this position. Employees will be required to follow any other job-related instructions and to perform any other job-related duties requested by any person authorized to give instructions or assignments. All duties and responsibilities are essential functions and requirements and are subject to possible modification to reasonably accommodate individuals with disabilities. To perform this job successfully, the incumbents will possess the skills, aptitudes, and abilities to perform each duty proficiently. Some requirements may exclude individuals who pose a direct threat or significant risk to the health or safety of themselves or others. The requirements listed in this document are the minimum levels of knowledge, skills, or abilities. This document does not create an employment contract, implied or otherwise, other than an “at-will” relationship.
Powered by ExactHire: 165741
Reporting to the VP of IT, Security, and Compliance, the Governance Risk Compliance (GRC) & Privacy Manager is responsible for managing risks related to information security, privacy, and regulatory compliance within the organization. This role involves developing and implementing policies, assessing risks, ensuring compliance with industry standards and regulations, and implementing control measures to mitigate risks. Key responsibilities include conducting risk assessments, developing risk mitigation strategies, monitoring compliance with frameworks such as ISO 27001, GDPR, NIST, and FedRamp conducting vendor risk assessments, and collaborating with different departments to manage risks and ensure compliance. The GRC & Privacy Manager also creates and maintains information security standards, conducts gap analyses, and prepares for regulatory examinations.
Working Conditions: Regular office/hybrid environment.
Essential Duties And Responsibilities
- Conduct enterprise-wide, ongoing risk analysis in tandem with compliance and security.
- Maintain oversight in a GRC-related platform such as Drata, Vanta, SecureFrame, OneTrust, etc.
- Assess and prioritize risks to information security, privacy, and cybersecurity
- Ensure compliance with industry and government regulations
- Develop and maintain policies, standards, and processes
- Maintain strong oversight of third parties, vendors and business partners to safeguard against undue risk presented by external entities. Escalate to security management and business unit leads when points of weakness are discovered.
- Attend and fully engage in change and project management meetings.
- Liaison with auditors, both internal and external, to maintain and implement controls for compliance and privacy laws.
- Test and monitor privacy and security controls
- Research threats and develop risk mitigation plans
- Identify and analyze process gaps
- Develop recommendations for remediation
- Map regulatory requirements for controls
- Bachelor's degree in information security, information technology, computer science or other related technology degree
- Five years of Risk and/or Governance, Risk & Compliance experience.
- Excellent leadership, communication, and problem-solving skills.
- Research and recommend basic technology improvements to enhance efficiency.
- Strong customer service orientation with the ability to build relationships across the organization.
- Excellent active listening, written, and verbal communication skills with the ability to influence at all levels of an organization
- Understanding of relevant laws, regulations, and standards
- Knowledge of best practices for developing and implementing compliance programs
- Ability to analyze complex data and identify trends or discrepancies related to compliance and risk
- Proficient in both written and verbal communication to convey compliance issues and policies clearly
- Ability to stay updated on emerging technologies and industry trends
- Preferred experience with cloud environments such Amazon Web Services (AWS) and Microsoft Azure.
This role requires the employee to maintain a stationary and upright position consistently. Employees must be able to move frequently within an office environment to utilize office machinery and other resources. The employee should be able to communicate information and concepts consistently and effectively for mutual understanding, including conveying precise details during these interactions. For accurate task execution, it is essential that the employee consistently maintains consistent specific vision abilities, especially the capability to discern close-up details within a few feet of the observer. Seldom does this role entail the transportation of items weighing up to 15 pounds to meet various demands.
Note
This job description in no way states or implies that these are the only duties to be performed by the employee(s) incumbent in this position. Employees will be required to follow any other job-related instructions and to perform any other job-related duties requested by any person authorized to give instructions or assignments. All duties and responsibilities are essential functions and requirements and are subject to possible modification to reasonably accommodate individuals with disabilities. To perform this job successfully, the incumbents will possess the skills, aptitudes, and abilities to perform each duty proficiently. Some requirements may exclude individuals who pose a direct threat or significant risk to the health or safety of themselves or others. The requirements listed in this document are the minimum levels of knowledge, skills, or abilities. This document does not create an employment contract, implied or otherwise, other than an “at-will” relationship.
Powered by ExactHire: 165741
Salary : $130,000 - $165,000
