Summary of Job Responsible for developing, implementing, and maintaining the organization's Governance, Risk & Compliance (GRC) framework to ensure compliance with regulatory requirements, industry standards, and corporate policies. Ensure that the organization manages risks effectively, enhances governance processes, and ensures compliance with laws, regulations, and security frameworks. Partner cross-functionally with internal stakeholders, including IT, security, legal, finance, and audit teams, to identify risks, establish controls, and drive GRC initiatives. Responsibilities:
- Conduct risk assessments to identify, analyze, and mitigate operational, IT, and cybersecurity risks.
- Develop and implement risk mitigation strategies, policies, and procedures.
- Monitor risk registers and ensure risk treatment plans are effectively executed.
- Ensure compliance with regulatory frameworks (e.g., HITRUST, NIST, NYDFS, HIPAA) and industry best practices.
- Perform internal audits, regulatory assessments, and compliance reviews.
- Develop compliance training programs and awareness initiatives.
- Develop, review, and update corporate policies, standards, and procedures related to GRC.
- Establish governance models and ensure they align with organizational goals.
- Collaborate with business units to integrate governance policies into operations.
- Assess and manage vendor risk, ensuring third-party compliance with security and regulatory requirements.
- Conduct vendor due diligence and risk assessments.
- Monitor third-party contracts and agreements to ensure ongoing compliance.
- Support incident management and response efforts to mitigate risks and improve security posture.
- Conduct compliance and security control monitoring to identify gaps and drive improvements.
- Work with cybersecurity and IT teams to align GRC initiatives with security operations.
Qualifications:
- Bachelor's degree in a relevant IT field of study required; additional fields such as Business Administration, Finance, Law, Project Management, or related preferred
- Master's degree in computer science, information technology or business preferred
- Technical certifications in related areas such as CISSP, CISA, CISM, CRISC preferred
- 10 - 12+ years of relevant, professional work experience
- 5 - 8+ years of experience in Governance, Risk, and Compliance, Audit, Information Security, or a related field.
- Proven management skills, as well as strong leadership skills, with the ability to lead technical teams.
- Additional experience/certifications/training may be considered in lieu of educational degree requirement.
- In depth knowledge of MS Office suite and standard business applications.
- Strong understanding of GRC frameworks and methodologies.
- Ability to gain a technical understanding of emerging technologies, and to effectively absorb information quickly.
- Ability to effectively and efficiently manage multiple projects and efforts simultaneously, to set appropriate priorities for
timely completion of numerous concurrent tasks and projects within defined resource limitations. - Demonstrated ability to form and maintain collaborative partnerships across a complex organization with diverse
constituencies; ability to build consensus on complex and sometimes controversial subjects - Proven ability to work with technology vendors in the delivery of project solutions; must have a breadth of knowledge of technology and IT market trends
- Experience with Software Licensing and contract management
- Exceptional communication skills, both verbal and written; the ability to communicate effectively by adapting approach, language and style to a wide variety of audiences, including stakeholders that are both technical and non-technical; ability to grasp and communicate the big picture while remaining conversant with details
Additional Information
- Requisition ID: 1000002601
- Hiring Range: $92,880-$178,200
|
EmblemHealth
Aug 04, 2025