Governance, Risk, and Compliance (GRC) Manager

About the Role:

Governance, Risk, and Compliance (GRC) Manager

This individual will drive compliance strategy, manage risk assessments, support client audits, and ensure continuous alignment with evolving regulatory and industry standards.

Key Responsibilities:

• Develop, implement, and manage the GRC program aligned with HITRUST CSF, ISO 27001, SOC 2, and other frameworks.
• Lead risk assessments, control testing, and continuous monitoring across business units.
• Collaborate with IT, Security, Legal, and Operations teams to ensure compliance posture is maintained and documented.
• Manage preparation for external audits (HITRUST, SOC 2, ISO, PCI DSS, HIPAA, GLBA, etc.) and coordinate evidence collection.
• Design and maintain policies, standards, and procedures supporting data protection, access control, incident management, and third-party risk.
• Support compliance needs for Financial Services (GLBA, FFIEC, SOX) and Healthcare (HIPAA, HITRUST, HITECH) clients.
• Develop executive-level reporting for risk, compliance, and audit outcomes.

Act as a trusted advisor to internal teams and clients on best practices in data security and compliance operations.

Required Qualifications:

• Bachelor's degree in Information Security, Computer Science, or related field; Master's degree preferred.
• 7+ years of experience in GRC, Risk Management, or Compliance in regulated industries (Financial Services, Healthcare, or SaaS).
• Hands-on experience implementing or managing HITRUST CSF certification projects.
• Strong knowledge of ISO 27001:2022, SOC 2 Type II, NIST 800-53/171, HIPAA, GLBA, PCI DSS, and related frameworks.
• Familiarity with risk management platforms (e.g., Archer, ServiceNow GRC, OneTrust, or ZenGRC).
• Exceptional written and verbal communication skills with ability to interface with executive leadership and auditors.

Proven record of cross-functional leadership and the ability to operationalize compliance frameworks in large, complex environments.

Preferred Certifications:

• HITRUST CCSFP / CHQP
• CISM, CISSP, CISA, CRISC, or ISO 27001 Lead Implementer/Auditor
• Additional certifications in Healthcare Compliance (HCISPP) or Financial Compliance (CRMA, CAMS) are a plus.