Sr. Manager, Governance, Risk & Security Compliance

GoHealth Urgent Care, Rochester, MN

About The Position

You’re more valuable than ever – And that’s just how we’ll make you feel. The Sr. Manager, Governance, Risk, & Security Compliance (GRC) is responsible for developing, building, and maturing our GRC program. This includes leading security compliance projects across the organization, developing and chairing a data governance committee, and owning the lifecycle of creating standards, policies, processes, and compliance frameworks in support of the strategic direction of the organization. The Sr. Manager of GRC will have a strong security, cloud architecture, and IT technical background and will understand risk management, mitigation, and compensating controls that reduce both the likelihood and the impact of a threat. The Sr. Manager is expected to explain technical work to, and lead, the teams that perform technical configuration, and must possess leadership qualities that establish accountability and trust.

Requirements

  • Bachelor’s Degree or equivalent experience
  • CISSP certification
  • CISM/CRISC/CISA certifications
  • 8+ years IT/technical experience including cloud experience
  • 7+ years of people leadership experience
  • 5+ years of IT security and compliance experience
  • This role involves overseeing team members and interaction and collaboration with other departments and requires excellent judgment and interpersonal skills.
  • Proven work experience as Manager of GRC or similar role.
  • In-depth understanding of the business impact of a data privacy breach involving HIPAA and/or PII data.
  • Experience conducting a cybersecurity audit and performing privacy and vendor risk assessments.
  • Experience managing security awareness phishing simulations and training campaigns using automated solutions.
  • Ideas on how best to educate and train employees against opening malicious attachments or URLs, scanning malicious QR codes, or responding to smishing (SMS) or vishing (voice) lures.
  • Hands on experience with a GRC SaaS platform such as OneTrust or Archer.
  • Understanding of risk ratings (critical, high, moderate) and the ability to make a risk-based decision about the impact of a threat.
  • Knowledge of malware, ransomware, credential compromise, phishing, PUPs, and the OWASP Top 10, their impact, and how to protect against them whether they come from nation-state threat actors or common attackers.
  • In-depth knowledge of legal and people/HR investigative protocols and processes.
  • Detail-oriented, with critical thinking applied to both technical and non-technical scenarios.
  • Strong communication skills, including working with other leaders and influencers.
  • Networking knowledge: switching, MS Intune, MS Conditional Access, firewalls, WAN and wireless infrastructure, IoT, and remote access.
  • Experience developing, socializing, implementing, and enforcing policies, standards, and procedures.
  • Up-to-date understanding of a wide range of incident response, system configuration, vulnerability management, penetration testing, secure design, architecture, and hardening guidelines.
  • Understanding of secure coding tollgates in application development lifecycle management and iterative agile methodology.
  • Understanding of zero trust architectures and applicability.
  • Demonstrated ability to lead, mentor, and develop high-performing technical teams, fostering accountability, trust, and continuous growth.

Nice To Haves

  • Bachelor's degree in information security, technical management, or business administration.
  • 7+ years of IT security, technology, compliance experience is preferred
  • Microsoft 365 Certified Security Administrator Associate

Responsibilities

  • Develop, implement, and maintain effective governance frameworks and policies to ensure organizational alignment with industry best practices and applicable regulatory compliance.
  • Own the IT policy, standards, and compliance framework, ensuring they are relevant, up to date, and enforced through collaboration with senior leadership across the organization.
  • Develop and refine risk mitigation strategies and action plans to safeguard the organization against potential threats; provide clear and concise directives for performing a mitigating or compensating change in the environment.
  • Protect business applications in compliance with privacy, security, and resiliency requirements through partnership with vendor, business, and IT stakeholders and leaders.
  • Own security compliance projects and initiatives that eliminate or manage exposure to identified risks.
  • Collaborate with compliance leaders to stay abreast of evolving healthcare regulations, standards, and federal/state laws.
  • Analyze and propose resources for projects or initiatives.
  • Communicate and collaborate with executives, managers, stakeholders, and contractors.
  • Collaborate with internal teams to ensure the secure development, deployment, and maintenance of internally developed healthcare applications.
  • Ensure there are security assessments and audits of applications, identifying vulnerabilities and oversee remediation efforts.
  • Provide day-to-day leadership, coaching, and development for the GRC, Technology, and security compliance team, ensuring team members have clear direction, actionable feedback, and the support needed to grow technical and leadership capabilities.
  • Set performance expectations, establish accountability, and guide the team through complex technical, compliance, and risk-mitigation work, ensuring high-quality execution and alignment with organizational priorities.
  • Foster a strong team culture centered on collaboration, transparency, and continuous improvement, proactively removing barriers, encouraging knowledge-sharing, and motivating the team to deliver consistent, high-impact results.
  • Coach and support Team Members through complex and high-impact situations, helping them build confidence, clarity, and sound decision-making.
  • Work with consultants and lead projects with contractors when needed.
  • Provide input in strategic technical decisions and solutions to senior leadership.
  • Manage time effectively and ensure timely communication with stakeholders, leaders, and team members through the appropriate communication channels.
  • Focus on process improvement and process documentation efforts, reviewing staff and leader feedback for enhancements and changes.
  • Identify and provide solutions to operational issues to improve data and privacy protection.
  • Evaluate new regulatory statutes and determine their applicability and the timing of their implementation.
  • Understand and articulate the key technical and operational challenges to mitigate a threat.
  • Act as a Security compliance escalation point within the Cybersecurity team.
  • Provide compliance consultation, training, and support to leaders and Team Members.