Security GRC Manager

Rightway

💵 $150k-$170k
📍 Remote - Worldwide

Job highlights

Summary

Join Rightway as a Security GRC Manager to lead and develop the company's GRC function. You will be responsible for streamlining procedures, maturing the risk management program, and driving HITRUST and AI certifications. Key responsibilities include audit preparation, control library development, business continuity planning, policy enhancement, control monitoring, third-party risk management, and risk assessment. The ideal candidate will have 5-10 years of experience, proven leadership in relevant frameworks (HITRUST, SOC2, ISO 27001), and a relevant certification. A deep understanding of risk assessment and the software development lifecycle is crucial. The role offers a competitive salary between $150,000 and $170,000.

Requirements

  • 5-10 years of related work experience
  • Proven experience leading HITRUST, SOC2, ISO 27001, or similar framework in a high-growth environment
  • A professional who understands how to mature controls consistent with organizational maturity and capacity
  • Maintains a certification relevant to the role (e.g., CCSFP, CISA, CISM)
  • A deep understanding of risk assessment methodology
  • Passionate advocate for governance, risk, and compliance, believing that these are not merely check box activities, but vital tools that significantly improve security posture and protect the organization
  • Possess an intermediate to advanced understanding of the Software Development Life Cycle and of IT and security tooling as it relates to controls (e.g., AWS, Okta, Jira, Git/GitHub)

Responsibilities

  • Lead annual renewal of Rightway’s joint SOC2/HITRUST attestation, partnering with Engineering, IT, People, and Finance
  • Develop a comprehensive control library, mapping our control activities to multiple frameworks (SOC2, HITRUST, and NY DFS) to prepare for future customer and regulatory obligations
  • Lead the evolution of business continuity planning and testing, honing the focus on a Business Impact Analysis (BIA) informed program
  • Streamline operations by designing policies and procedures to balance compliance with operational efficiency at a rapidly scaling organization
  • Take the helm in monitoring, measuring, and reporting on controls effectiveness and maturity using standard frameworks and models where applicable
  • Leverage AI tooling to optimize and execute a flexible yet thorough Third Party “Vendor” Risk Management (TPRM) program
  • Participate in assessment, triage, tracking, and remediation of security risks, in addition to annual risk assessment activities (e.g., HIPAA SRA)
  • Leverage novel tooling, including AI, to enhance RFP and questionnaire responses for security questions, assisting the Proposal Unit as needed

Preferred Qualifications

Experience with AI Governance, Risk and Compliance

Benefits

BASE SALARY: $150,000 - $170,000
