Security GRC Manager
Rightway
Job highlights
Summary
Join Rightway as a Security GRC Manager to lead and develop the company's GRC function. You will be responsible for streamlining procedures, maturing the risk management program, and driving HITRUST and AI certifications. Key responsibilities include audit preparation, control library development, business continuity planning, policy enhancement, control monitoring, third-party risk management, and risk assessment. The ideal candidate will have 5-10 years of experience, proven leadership in relevant frameworks (HITRUST, SOC2, ISO 27001), and a relevant certification. A deep understanding of risk assessment and the software development lifecycle is crucial. The role offers a competitive salary between $150,000 and $170,000.
Requirements
- 5-10 years of related work experience
- Proven experience leading HITRUST, SOC2, ISO 27001, or similar framework in a high growth environment
- A professional who understands how to mature controls consistent with organizational maturity and capacity
- Maintains a certification relevant to the role (e.g., CCSFP, CISA, CISM)
- A deep understanding of risk assessment methodology
- Passionate advocate for governance, risk, and compliance, believing that these are not merely check box activities, but vital tools that significantly improve security posture and protect the organization
- Possess an intermediate to advanced understanding of the Software Development Life Cycle and of IT and security tooling as it relates to controls (e.g. AWS, OKTA, JIRA, GIT/GITHUB)
Responsibilities
- Lead annual renewal of Rightway's joint SOC2/HITRUST attestation partnering with Engineering, IT, People, and Finance
- Develop a comprehensive control library, mapping our control activities to multiple frameworks (SOC2, HITRUST, and NY DFS) to prepare for future customer and regulatory obligations
- Lead the evolution of business continuity planning and testing, honing the focus on a Business Impact Analysis (BIA) informed program
- Streamline operations by designing policies and procedures to balance compliance with operational efficiency at a rapidly scaling organization
- Take the helm in monitoring, measuring, and reporting on controls effectiveness and maturity using standard frameworks and models where applicable
- Leverage AI tooling to optimize and execute a flexible yet thorough Third Party "Vendor" Risk Management (TPRM) program
- Participate in assessment, triage, tracking, and remediation of security risks, in addition to annual risk assessment activities (e.g., HIPAA SRA)
- Leverage novel tooling, including AI, to enhance RFP and questionnaire responses for security questions, assisting the Proposal Unit as needed
Preferred Qualifications
Experience with AI Governance, Risk and Compliance
Benefits
BASE SALARY: $150,000 - $170,000