Manager, Corporate Governance, Risk, and Compliance (GRC)- Remote (Anywhere in the U.S.)

General Description

We are looking for a skilled Manager to lead the corporate Governance, Risk, and Compliance (GRC) team. This role will assist the Senior Director, CIS, to execute the internal GRC strategy while ensuring alignment with business objectives and adherence to relevant regulations and standards.

Additionally, this role will foster partnership and cooperation between and among security and compliance functions, and coordinate with Corporate Security Engineering to facilitate alignment of Corporate Information Security (CIS) initiatives.

The Manager, GRC, leads various aspects of the security and compliance program; mentoring a team of Information Security Specialists while delivering the GRC team's portfolio of services and other duties as assigned.

Roles and Responsibilities:

• Manage and lead a team of four Information Security Specialists and the processes comprising the GRC team's portfolio of services.
• Develop, disseminate, and maintain enterprise information security policies, standards, and procedures, and deliver the associated training program to all personnel.
• Establish and maintain relevant security risk metrics.
• Manage internal and external Privacy standards and initiatives.
• Help inform and maintain the company's Business Resilience Strategy.
• Perform security- and privacy-centric reviews for contracts, Requests for Information (RFIs), and Requests for Proposals (RFPs).
• Conduct risk assessments (e.g., enterprise annual, Commercial off the Shelf software and supplier reviews, etc.) and recommend risk mitigation strategies.
• Support, facilitate and manage the response to internal and external audits and assessments of GuidePoint's security program.
• Ensure GuidePoint's Suppliers align with required controls and standards through the Third-Party Risk Management process and providing subject matter expertise in crafting the security exhibit appended to suppliers' service agreements.

Required Experience:

• Undergraduate degree in cybersecurity/computer science and five years of work experience or eight or more years of work experience in Information Security.
• At least 3 years' experience in a managerial role.
• Knowledgeable about and experienced aligning security programs with regulatory requirements (e.g., CMMC, GDPR; HIPAA; NYSDFS; etc.) and industry security frameworks (e.g., NIST, ISO, etc.).
• Previous experience with security and privacy control definition, design, and implementation.
• Experience with managing internal and external compliance audits and assessments.
• Privacy experience including fielding Data Subject requests and performing Data Privacy Impact Assessments.
• Familiarity with reviewing, developing, monitoring, testing, and implementing contingency planning measures in support of the organization's critical functions.
• Excellent communication skills and demonstrated ability to engage with stakeholders at all levels, including cross-functional collaboration experience.
• Excellent organization skills, self-directed, and self-motivated.
• Preferred requirements:
  
  
  
  • CISA, CISM, and/or CISSP certifications.
  • Experience working with Jira, Confluence, Veza, BitSight (or other supplier risk management tools).
  
  
  
  

Travel Requirements:

• Up to 10% Travel