Manager GRC

Job Description: You will be responsible for conducting comprehensive security risk assessments for new and existing systems, applications, and network infrastructure. Additionally, you will develop, implement, and maintain security frameworks, standards, and best practices across the organization. Your role will involve overseeing third-party risk management (TPRM), which includes due diligence, assessment, and continuous monitoring of vendor security posture. Furthermore, you will collaborate with IT, engineering, and business teams to identify and mitigate security risks in design and deployment. You will also perform Security Architecture reviews, risk assessments, and gap analysis on critical assets and business processes. Advising stakeholders on security solutions and controls, ensuring alignment with regulatory and industry standards (e.g., HIPAA, Hi-Trust, ISO, NIST, GDPR) will be part of your responsibilities. Responding to emerging threats and vulnerabilities by recommending and implementing proactive security measures is also expected. Additionally, you will prepare and deliver clear reports on architectural and risk findings to senior management and support compliance initiatives and internal or external audits related to security and risk management. Driving continuous improvement in security architecture, risk practices, and awareness throughout the organization will be crucial. You will also participate in special projects and other duties as assigned, driving ongoing improvement in security posture, risk management, and protection of sensitive information. Your work week will involve managing TPRM Analysts, conducting risk assessments, and managing third-party vendor reviews or renewals. Additionally, you will host and participate in meetings with engineering, compliance, and business teams to discuss security requirements and remediation plans. Reviewing and evaluating architecture diagrams and technical designs for ongoing and upcoming projects will be part of your routine. Monitoring security controls, metrics, incident reports, and issues to identify and respond to risks or weaknesses will also be essential. Moreover, you will prepare documentation, executive summaries, and presentations for decision-makers and stakeholders. We are looking for a professional with strong experience in both security architecture and risk management, ideally in complex or regulated environments. You should have a proven ability to communicate technical concepts and security risks to both technical and non-technical audiences. Experience in conducting third-party risk assessments, managing vendor relationships, expertise in industry standards, regulatory compliance, and security frameworks (such as HIPAA, HI-Trust, ISO 27001, NIST 800-53, SOC2) is required. A proactive problem-solver with excellent analytical, organizational, and stakeholder management skills will thrive in this role. Basic knowledge of AI technologies such as Generative AI, Artificial Neural Networks (ANN), Convolutional Neural Networks (CNN), and AI security is a plus.,