
GRC Manager

  • Location:

    United States of America

  • Job type:

    Permanent

  • Salary:

    $125K/yr - $150K/yr

  • Published:

    3 months ago

  • Expiry date:

    2024-10-26

Position: GRC Manager (Internal)

Location: US Remote

Salary: $125,000 - $150,000 (based on experience)

This role is not open to visa sponsorship or transfer of visa sponsorship including those on OPT and STEM-EXT OPT, nor is it available to work corp-to-corp.

About the Role:

We are seeking a talented and detail-oriented GRC Manager to join our client's dynamic team. As GRC Manager, you will play a critical role in auditing and assessing security postures, ensuring compliance with leading industry standards, and guiding clients through the intricacies of information security frameworks such as PCI DSS, HIPAA/HITECH, SOC, and ISO.

This position offers the flexibility of remote work while occasionally requiring travel to client sites. You will be responsible for conducting PCI and HIPAA assessments, performing gap analyses, and delivering clear, actionable reports that drive improvements in clients' security environments. As a Security GRC Manager, you will own security governance, risk, and compliance programs in a technology-driven organization operating under PCI, HIPAA, ISO, SOC, and similar frameworks. You will play a key role in shaping the organization's cybersecurity posture by assessing security risks, driving their remediation, and ensuring compliance with the relevant frameworks, applying technical expertise in security frameworks that aligns with industry best practices. This role offers the opportunity to make strategic decisions, provide valuable recommendations, and collaborate with a broad group of bright and energetic individuals.


What You'll Do

  • Lead and manage all aspects of applicable cybersecurity audits, such as scope definition/validation, audit readiness, walkthroughs, evidence collection, and liaising with external auditors

  • Drive adoption of relevant security compliance requirements through thorough analysis and prescriptive guidance

  • Define and lead security risk management process, leveraging automation and partnering with stakeholders to perform hands-on risk assessments

  • Oversee the policies and standards lifecycle process to ensure they address all relevant cybersecurity requirements

  • Proactively identify compliance gaps through continuous monitoring, working closely with control owners to identify ways to effectively monitor compliance posture through automation

  • Document and report identified security or compliance issues and work with control owners on remediation requirements, strategy, and execution, providing recommendations that can be reasonably adopted

  • Regularly monitor remediation activities for noted findings, and escalate on remediation plans that are at-risk of being overdue

  • Develop and maintain security reporting to provide real-time and on-demand compliance status

  • Maintain an up-to-date understanding of emerging trends in information security risks; apply new techniques and trends, in-line with overall information security objectives

What We're Looking For

  • 5+ years of experience in technology audit, security risk management, and/or security compliance roles, with at least 2-4 years implementing or auditing compliance with key cybersecurity standards (e.g., PCI DSS, HIPAA, ISO 27001, SOC 2) in a cloud-first environment

  • Functional knowledge of multiple security domains and information security industry standards and best practices

  • Experienced with the implementation and/or use of control automation and compliance tools

  • Effective in building relationships with organizational leaders and influencing senior management

  • Excellent organizational skills, proactive and self-sufficient with a proven ability to work independently to effectively prioritize and execute tasks

  • Drive, determination, and the ability to overcome roadblocks and initial objections

  • Strong project management skills

  • Strong written, verbal communication, and presentation skills

Work Environment:

This is a full-time remote position requiring self-motivation and the ability to complete projects on time, working alongside a fun, energetic team ready to tackle every project.

How to Apply:

Interviews are scheduled to take place next week, so if you're interested in hearing more about this and other roles, please get in touch ASAP to discuss further at 520-329-5512 or send your resume to a.ortiz@locke-mccloud.com

Locke & McCloud is the US's leading cyber security & information security staffing company. Through a sole focus on the cyber & information security space, we have fostered solid relationships with some of the US's most exciting cyber security consultancies & end-users. That focus allows us to help you find the most exciting opportunities in the cyber security market. If you are looking for your next cybersecurity or information security role, please get in touch!