Senior Principal, IT Governance, Risk and Compliance, GRC
Employment Information
Report this job
Job expired or something wrong with this job?
Job Description
Senior Principal responsible for supporting GRC program at American Red Cross. Overseeing IT controls, policy development, and audit readiness for critical systems.
Responsibilities:
- Serve as the primary IT audit liaison, ensuring clear communication, efficient evidence collection, and timely resolution of audit inquiries across technology and business teams
- Work with Internal and External auditors, business stakeholders and suppliers as appropriate on required IT control assessments and audits
- Provide first level of support and consulting to the business and IT on internal audit activities and results as well as risk mitigation initiatives in response to audit findings
- Manage overall remediation process and create and oversee action plans to remediate issues
- Ensure audit readiness by proactively identifying control weaknesses and coordinating pre‑audit walkthroughs, evidence validation, and test preparation.
- Assist the Director, IT Governance, Risk, and Compliance and Senior Director, IT Governance, Risk and Compliance with IT governance and controls, internal and external audit readiness and support, and policy and standard development
- Responsible for daily governance, risk, control, and compliance functions leveraging ServiceNow
- Participate in and contribute to the IT Governance, Risk and Compliance program, ensuring IT controls, policies, processes, and procedures support the mission of the Red Cross and meet state and federal regulations and laws, as well as best practices
- Collaborate with and influence technology and business leaders and staff to create, sustain, and strengthen internal control framework for the organization through control identification, design, implementation, and testing
- Provide guidance, training, and motivation necessary to create control awareness, ownership and accountability to stakeholders
- Consult with Information Security, Office of General Counsel/Legal, Supply Management, Risk Management, Audit Services, and other appropriate parties sharing expertise and knowledge to strengthen the Red Cross control environment
- Interpret regulatory compliance requirements and assist with gap analysis of current policies, procedures, and practices as they relate to established guidelines outlined by NIST-800-53/171/30 and other regulatory standards
- Provide guidance, interpretation, and support of SOC 1 and SOC 2 Security Trust criteria
- Research regulations by reviewing regulatory bulletins and other sources of information, to maintain quality service by establishing and enforcing organization standards
- Drive continuous improvement of the GRC program by identifying control inefficiencies, modernizing governance processes, and recommending ServiceNow automation opportunities.
- Participate in on-going evaluations and validation of IT control effectiveness and internal business processes via ServiceNow and other tools, as they relate to compliance activities within areas of responsibility
- Ensure high‑quality documentation and evidence standards across the organization to support repeatable, audit‑ready control operations.
- Identify and communicate opportunities to enhance technical controls which contribute to sustaining a robust control environment
- Document, track, and report on control gap findings, risk, impacts and recommendations to management
- Participate in the establishment of actionable metrics to drive the control assessment process and influence behaviors to IT Leadership
- Manage the Exception and Risk Acceptance Process as it relates to control gaps and audit findings
- Proactively monitor emerging risks and coordinate targeted control assessments to identify vulnerabilities before they surface in audits
- Support and assist with coordination and implementation of Information Technology policies and standards to sustain regulatory and compliance initiatives as required by the business needs
- Work and consult with the IT GRC colleagues during policy review and communication
- Analyze policies, standards, procedures, and guidelines for regulatory and compliance requirements, and recommend solutions for identified weaknesses, to improve compliance operations, recommend and assist in changes to best practices
Requirements:
- Bachelor’s degree in a related field required (IT, audit, and/or information security) or closely related discipline.
- Minimum 10 years of related experience or equivalent combination of education and related experience required
- 3-5 years of experience in IT GRC or IT audit with hands-on ServiceNow GRC experience
- Working knowledge of control frameworks, IT general controls, and security controls such as, NIST, ISO, COBIT, FedRAMP, SOC 2, ISO 27001
- Highly motivated and proactive with strong organizational, communication, and project management skills
- Experience drafting, remediating, or editing of IT policies, standards, procedures and controls
- Experience working cross-functional with engineers, product and security teams, business leaders at all levels of the organization
- Demonstrated ability to coordinate large-scale IT audit engagements, drive remediation outcomes, and elevate control maturity across complex environments
- Strong capability to translate regulatory and technical control requirements into practical, actionable guidance for diverse technical and non‑technical stakeholders.
- Experience coordinating with internal and/or external audit teams
- Ability to understand key controls and communicate them in a digestible way to IT technologists, control owners, and senior leaders
- Strong written and oral communication skills with utilization of appropriate tools (MS Excel, ServiceNow, etc.)
- Solid analytical and problem-solving skills in process review and issue remediation
- Open-mindedness, creative thinking, willingness to take calculated risks, and make informed decisions
- A sense of unparalleled passion, energy, and eagerness to contribute to and support the mission of the Red Cross
Benefits:
- Medical, Dental Vision plans
- Health Spending Accounts & Flexible Spending Accounts
- PTO: Starting at 15 days a year; based on type of job and tenure
- Holidays: 11 paid holidays comprised of six core holidays and five floating holidays
- 401K with up to 6% match
- Paid Family Leave
- Employee Assistance
- Disability and Insurance: Short + Long Term
- Service Awards and recognition
Similar Jobs
Regulatory Risk Support
Regulatory Risk Support role assisting the Regulatory Risk Division with BSA compliance and administrative tasks. Involves preparing reports, managing research, and supporting the Compliance department.
Senior Regulatory Affairs Specialist
Senior Regulatory Affairs Specialist at Merit Medical determining regulatory pathways for medical device submissions. Collaborating with teams on U.S. and international regulatory requirements and submissions.
Federal Contracts & Compliance Manager
Federal Contracts & Compliance Manager overseeing federal contract administration and regulatory compliance. Managing GSA Schedule and advisory roles in protests and audits within Lynker Corporation.
Coordinator, Global Fire Life & Safety Compliance
Coordinator for Global Fire Life & Safety Compliance at Hyatt. Overseeing global safety program and ensuring compliance standards across properties.
Manager, Clinical Compliance
Manager of Clinical Compliance overseeing and expanding Eleanor Health’s clinical care compliance across multiple markets. Leading a team to ensure adherence to state regulations and accreditation standards.
Clinical Compliance Contractor – Contract to Hire
Clinical Compliance Contractor supporting compliance operations, licensure, and accreditation at Eleanor Health. Role requires independent work and expertise in healthcare compliance with a focus on behavioral health.
Senior Quality Compliance Manager
Senior Manager overseeing GMP/GDP inspections for a global biotech company. Leading quality compliance efforts and regulatory interactions to ensure operational excellence.
Senior Manager, Regulatory Strategy
Senior Manager/Associate Director of Regulatory Strategy for clinical development programs at Praxis Precision Medicines. Leading global regulatory strategies and lifecycle management in biotech/pharma.
Senior Specialist, Regulatory Operations
Senior Specialist leading regulatory operations for clinical trials at Care Access. Ensuring compliance with U.S. regulations and supporting site-level activities in a remote role.
US Regulatory Lead
US Regulatory Lead providing regulatory expertise for Amgen molecules. Planning and executing regulatory strategies in compliance with local regulations.
Government Compliance Manager
Government Compliance Manager at Workstreet guiding clients through federal cloud compliance frameworks. Leading teams in FedRAMP, GovRAMP, and NIST 800-53 authorization processes.
Regulatory Manager – Obesity, Related Conditions
Regulatory Manager at Amgen overseeing U.S. regulatory strategy and compliance for Obesity products. Leading clinical trial support and regulatory submissions for product licensing.
Global Regulatory Director Lead – Obesity & Related Conditions, Type II Diabetes
Director providing regulatory leadership for obesity and related conditions at Amgen. Developing global strategies and leading interactions with health authorities.
Compliance Lead
Compliance Lead overseeing end-to-end tax filing and compliance across multiple jurisdictions for a global trade infrastructure startup. Focus on accuracy and scalability with automation in processes.
IT & Compliance Manager
IT & Compliance Manager at LINK, overseeing IT operations and compliance with a focus on federal standards. Leading CMMC certification and managing cybersecurity initiatives in a remote setup.
Risk Management Consultant – GRC Practice
Risk Management Consultant at Artemis Connection helping clients build and mature enterprise risk programs. Focused on strategic, operational, regulatory, and reputational risks with an emphasis on cybersecurity.
Governance Consultant – GRC Practice
Governance Consultant enhancing compliance practices across sectors, assessing current governance, designing structures, and driving adoption. Client-facing role focusing on strategic decision-making in governance and risk.
Compliance Consultant – GRC Practice
Compliance Consultant delivering compliance assessments and advisory engagements across various frameworks for GRC practice. Managing client relationships and contributing to business development activities.
Senior Analyst, Corporate Compliance
Senior Analyst Corporate Compliance at CVS Health overseeing regulatory compliance for Aetna's commercial insurance business. Supporting risk assessments, compliance documentation, and business initiatives for regulatory impact.
Manager, Coding Compliance – Orthopedic Surgery
Manager Coding Compliance tasked with ensuring proper charge capture and coding compliance in orthopedic surgery operations. Supervising staff and interacting with faculty for revenue maximization and compliance.