GRC Manager

MeridianLink
About The Position

The Manager of GRC, of the Security Operations and Compliance subfamily of the IS and Compliance job family, is responsible for the organization's information security, compliance, and risk management programs to safeguard internal company data and the data of our clients. The Security Operations and Compliance subfamily is responsible for the management of the company's information security policies, processes, and toolsets; vendor risk management in terms of their information security practices; audit; and compliance with internal security policies, government regulations, vendor security requirements, and customer security requirements. The Manager of GRC will oversee the strategic direction, establishment/execution of objectives, and/or people management of the Security and Compliance function. The GRC Manager role will create and manage security compliance policies and procedures. The role will plan, implement, manage, monitor, and upgrade solutions to defend against cyberattacks, hacking attempts, and threats.

Requirements

  • Bachelor’s degree in Information Security, Business Administration, IT, or related field.
  • 5–7 years of experience in governance, risk management, and compliance
  • Ability to provide guidance to subordinates within the latitude of established MeridianLink policies
  • Ability to recommend changes to policies and establish procedures that affect a section or multiple disciplines
  • Ability to execute financials, business planning, organizational priorities, and workforce
  • Ability to follow processes and operational policies in selecting methods and techniques for obtaining solutions
  • Ability to develop and manage operational initiatives to deliver tactical results
  • Interacts frequently with subordinate supervisors, customers, and/or functional peer group professionals, involving matters between sections and multiple units
  • Responsible for impact partnering with key contacts outside own area of expertise and other external stakeholders
  • Ability to effectively communicate and present results and recommendations across disciplines
  • Hands-on experience with GRC platforms (RSA Archer, ServiceNow GRC, MetricStream) and risk assessment tools
  • Experience with SOC 2 Type 2 and PCI audits

Nice To Haves

  • CISA (Certified Information Systems Auditor)
  • CRISC (Certified in Risk and Information Systems Control)
  • CISM (Certified Information Security Manager)
  • CISSP (Certified Information Systems Security Professional)
  • GRCP (GRC Professional) or CGRC (Governance, Risk & Compliance Certification) for specialized GRC knowledge

Responsibilities

  • Identifying, assessing, and mitigating risk
  • Establishing risk management procedures and processes to ensure adherence to policies
  • Developing, evaluating, and implementing compliance with programs and processes to mitigate cybersecurity risk
  • Ensuring protection of firm and allied assets and information
  • Conducting security risk assessments, compliance, and cybersecurity audits
  • Selecting, developing, and evaluating personnel to ensure the efficient operation of the function
  • Overseeing the development, evaluation, and implementation of governance, risk compliance, and processes to mitigate cybersecurity risk and ensure the protection of company and allied assets and information
  • Researching and interpreting current and pending laws and regulations, industry standards, and customer and vendor contracts to understand and communicate compliance requirements
  • Consulting with business and technical leadership to ensure that data, processes, and technology are designed for data protection and compliance
  • Overseeing information security risk assessments and compliance audits; directing the development and operational effectiveness of IT security controls
  • Monitoring investigations and documentation of cybersecurity compliance issues and incidents
  • Reviewing information security risk findings and non-compliance with business leaders and proposing solutions to mitigate risks