Lead Manager, Security Governance, Risk & Compliance
Posted 5hrs ago
Job Description
Lead Manager in Security Governance, Risk & Compliance at Make-A-Wish America. Supporting GRC and managing risks to ensure compliance with regulations and standards.
Responsibilities:
- Assist in the development, implementation, and maintenance of GRC frameworks and managing third-party risk.
- Contribute to the assessment and mitigation of organizational risks.
- Maintain internal policies, standards and security baselines oriented toward compliance and regulatory standards, as well as enforcement of secure practices.
- Manage risk acceptance and policy exception processes, ingesting risks and creating tracking, reporting and accountability mechanisms.
- Participate in audits of security controls and processes.
- Assist with the creation and maintenance of documentation related to GRC activities, TPRM, Business Continuity Planning (BCP), Business Impact Analysis (BIA) and Disaster Recovery.
- Assist in the identification of control gaps.
- Contribute to the development of remediation plans.
- Conduct due diligence on potential third-party vendors to evaluate their security posture, financial stability, and compliance with relevant regulations.
- Assist in monitoring compliance activities.
- Collaborate with various departments to integrate TPRM into vendor management processes.
- Perform vendor and product risk assessments to align vendors and products with applicable standards, policies and security baselines.
- Create and maintain vendor questionnaires and Data Protection Agreements (DPA).
- Maintain the Vendor Responsibility Agreement, covering performance standards, security obligations, adherence to the Change Management process, training, communications, and documentation.
- Assist Legal with vendor reviews and responses.
- Conduct audits of third-party security controls, processes and vendor performance compliance, and address any risks that arise.
- Aid in the development of risk training and awareness programs.
- Maintain GRC monitoring applications.
- Perform other related job duties as assigned.
Requirements:
- Bachelor’s degree in Computer Science or related technology field or equivalent experience required.
- 5+ years of total experience with 2+ years of hands-on experience designing, building, and supporting enterprise GRC and TPRM solutions.
- Understanding of GRC concepts and frameworks (e.g., ISO 27001, NIST Cybersecurity Framework (CSF), SOC, GDPR).
- Experience in IT Compliance, IT Audit, IT Security, Cloud Security, PCI, HITRUST, HIPAA, GRC, Risk Management and Risk Analysis.
- Proficiency in Microsoft Office Suite (Word, Excel, PowerPoint).
- Relevant and Current Certifications Preferred: e.g., Certified in Governance, Risk and Compliance (CGRC), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), GRC Professional (GRCP), etc.
- Knowledge and experience with OneTrust Tools is preferred.
Benefits:
- Comprehensive benefit package, effective day 1: Medical, Vision*, Dental*, Wellness
- Competitive compensation with annual incentive potential
- Health Savings Account and Flexible Spending Account Options
- Health Reimbursement Account fully funded by Make-A-Wish America
- Short Term Disability*, Long Term Disability* and Life Insurance
- Additional Insurance Plans: Accident, Critical Illness, Hospital Indemnity, Pet Insurance through Figo
- 401(k) Retirement Savings Plan with 5% match after one year of service
- Eligibility for student loan forgiveness through the Public Service Loan Forgiveness Program
- The organization will send a laptop, 24” monitor, and a docking station/adaptor to new hires