IT GRC Program Administrator II

United Wholesale Mortgage, Pontiac, MI
Onsite

About The Position

As an IT GRC Program Administrator II at United Wholesale Mortgage, your role involves leading information security initiatives to minimize risk and maximize compliance. Responsibilities will include assessments, management of audit fulfillment and risk remediation, as well as governance of business data and records. You will also play a pivotal role in key programs like Business Continuity/Disaster Recovery, IT Risk Management, Third Party Risk Management, Data Governance, and Security Awareness. Your function extends to monitoring adherence to security controls and compliance standards, spearheading specific initiatives, and nurturing an environment of security awareness through coaching. All planning, coordination, and execution of work assignments will align with the priorities established by the Information Security Team Lead.

Requirements

  • Bachelor's Degree in Information Technology, Information Security or equivalent, with preferred certifications in CISA, CISSP, CISM, GSEC, BCP, CGRC, or other relevant information security certifications.
  • 2-4 years of experience in IT compliance, risk management, cybersecurity policy analysis, and audit-related work.
  • Proficiency in managing system development processes, end-user computing controls, cloud systems, infrastructure management, and information security practices.
  • Knowledge of security/compliance standards such as CIS, NIST, GDPR, GLBA, CCPA, 23 NYCRR 500, IRS 1075, HIPAA.
  • Excellent communication skills, able to articulate complex concepts effectively.
  • Strong analytical and critical thinking skills.
  • Self-directed, capable of independent work and managing multiple concurrent projects.
  • Keen technology learner with demonstrated ability for identifying potential process improvement opportunities.
  • Onsite presence required.

Responsibilities

  • Maintaining and enhancing corporate policies in line with industry standards and corporate needs.
  • Ensuring effective communication and comprehension of policy obligations across various stakeholders through multiple channels.
  • Regularly reviewing, updating, and modifying policies to align with organizational changes.
  • Improving and managing the implementation of metrics for GRC activities to monitor compliance adherence, risk treatment, and improvement projects.
  • Regularly reporting these metrics and progress to various audiences, including senior leadership.
  • Managing and optimizing a risk register that encapsulates all risks affecting the business and facilitating the gathering and tracking of these risks.
  • Continually refining our approach to risk evaluation and ensuring a common risk communication language across the organization.
  • Regularly monitoring and reassessing organizational risks, adjusting the organization's stance based on in-place controls.
  • Managing and enhancing our third-party risk management program, including refining evaluation criteria, expected evidence, reevaluation timeframe, and remediation processes.
  • Regularly evaluating new and existing vendors based on their criticality to the business and integrating third-party evaluations into workflows.
  • Identifying third-party issues and tracking them till remediation or business acceptance, and effectively managing third-party offboarding obligations.
  • Enhancing data standards, processes, and procedures to ensure data integrity and compliance, conducting regular audits for data accuracy, completeness, and reliability.
  • Collaborating with stakeholders to understand and document data privacy requirements and assisting with the development of data security models and design.
  • Collaborating with IT and business teams to develop a robust IT risk management framework, regularly reviewing and updating this framework in line with emerging trends, threats, and industry best practices such as ISO 27001, NIST, or COSO.
  • Implementing, managing, and enhancing comprehensive GRC frameworks and toolsets, ensuring they align with organizational needs.
  • Supporting incident management activities in accordance with established frameworks, including incident identification, assessment, tracking, and resolution.
  • Developing and delivering GRC-related training to enhance the organization's understanding of concepts related to compliance, risk, and cybersecurity.
  • Facilitating internal and external due diligence requests in accordance with various regulatory agencies and managing the implementation of audit recommendations.
  • Collaborating with legal and regulatory bodies to ensure the organization's cybersecurity program is compliant with all relevant laws, regulations, and industry-standard frameworks.
  • Managing the organization's business continuity planning and disaster recovery efforts in line with accepted frameworks, ensuring plans are regularly updated and tested.
  • Driving the integration of GRC principles and frameworks into the organization's culture and daily activities.
  • Regularly reporting on the status of GRC activities to Senior Leadership and other stakeholders, providing insight into the organization's risk posture, compliance status, and governance effectiveness per established frameworks.
  • Developing and maintaining relationships with external vendors, partners, regulators, and industry bodies to keep abreast of developments in the GRC field, including emerging frameworks and best practices.

Benefits

  • Paid Time Off (PTO) after just 30 days
  • Additional parental and maternity leave benefits after 12 months
  • Adoption reimbursement program
  • Paid volunteer hours
  • Paid training and career development
  • Medical, dental, vision and life insurance
  • 401k with employer match
  • Mortgage discount and area business discounts
  • Free membership to our large, state-of-the-art fitness center, including exercise classes such as yoga and Zumba, various sports leagues and a full-size basketball court
  • Wellness area, including an in-house primary-care physician’s office, full-time massage therapist and hair salon
  • Gourmet cafeteria featuring homemade breakfast and lunch
  • Convenience store featuring healthy grab-and-go snacks
  • In-house Starbucks and Dunkin
  • Indoor/outdoor café with Wi-Fi