Senior Manager - GRC

10 - 12 years

0 Lacs

Posted: 1 day ago | Platform: Foundit

Work Mode

On-site

Job Type

Full Time

Job Description

How is this team contributing to the vision of Providence

Enterprise Security & Infrastructure (ESI)

is committed to appropriately protecting all information relating to its caregivers and affiliates, as well as protecting its confidential business information (including information relating to its caregivers, affiliates, and patients).

What will you be responsible for

  • Lead the development, implementation, and continuous improvement of the organization's security governance, risk management, and compliance (GRC) strategies.
  • Establish and maintain a comprehensive governance management framework, ensuring effective operational controls to address information security risks.
  • Create, update, and enforce security policies, procedures, processes, standards, and guidelines to support the IT Governance Program, including the lifecycle management of internal controls.
  • Drive risk management and governance initiatives in response to emerging technologies and evolving business needs.
  • Oversee the remediation of information security issues and findings, ensuring both immediate corrective actions and sustainable long-term solutions to mitigate risks.
  • Collaborate with senior leadership, business units, IT, and Legal to establish consistent processes for identifying, assessing, responding to, and reporting on IT risks.
  • Champion the implementation of global IT GRC initiatives, ensuring alignment with organizational objectives and industry standards.
  • Partner with program leadership to influence decision-making and foster unified progress towards security and compliance goals.
  • Identify and lead cross-functional projects that enhance standardization, efficiency, and maturity within the GRC function.
  • Provide effective leadership to GRC teams, including direct reports and contractors: delegating tasks, coordinating efforts, fostering motivation, and conducting performance reviews in collaboration with HR.
  • Directly manage and develop GRC teams, with responsibility for up to 10 caregivers.
  • Stay current on best practices, legal requirements, and industry standards related to risk management and compliance frameworks such as NIST CSF, NIST SP 800-53 Rev. 5, CIS Benchmarks, HIPAA, PCI DSS, SOX 404, and ITIL.
  • Monitor industry trends and the regulatory environment, proactively adapting governance strategies to maintain compliance and organizational resilience.

What would your day look like

  • Regularly collaborate with business leaders, application, and product owners to evaluate security needs and impacts of security decisions on business processes as well as to communicate risks.
  • Drive implementation of framework, policies, standards, and other security requirements.
  • Conduct gap analyses against, and implement, standards and frameworks such as NIST CSF, NIST SP 800-53 Rev. 5, CIS Benchmarks, HIPAA, PCI DSS, SOX 404, and ITIL.
  • Develop and revise Policies, Standards, Processes, and guidelines for the enterprise through change management.
  • Perform security reviews, attestations, assessments and serve as a Liaison between various teams within Cybersecurity.
  • Collaborate with business function owners on deliverables, and support the team in understanding and meeting business requirements.
  • Manage expectations and effectively communicate to colleagues, project team members, sponsors, stakeholders, business leaders, as well as internal and external security stakeholders and leaders.
  • Promote and raise awareness of Cyber-Security programs and posture, driving change and influencing proper Cyber Security hygiene within the organization.

Who are we looking for

  • 4-year university (Bachelor's) degree in Computer Science, Information Security, Cyber Security or a related field.
  • Minimum 10 years of experience in an Information Security/GRC role.
  • Minimum 5 years of experience in IT Risk Management Role.
  • Preferred 3 years of experience in Healthcare, Pharma or Bio-Technology organization.
  • Strong project management skills, with the ability to work on multiple projects concurrently.
  • Experience with managing a GRC tool support life cycle.
  • Strong written and oral communication skills with the ability to explain technical ideas to non-technical individuals at any level.
  • Adaptable to shifting priorities, demands, and timelines through analytical and problem-solving capabilities. Able to react to project adjustments and alterations promptly and efficiently.
  • Ability to lead a team and collaborate with other leaders throughout the organization.
  • Ability to effectively prioritize and execute tasks in a high-pressure environment.
  • Preferred knowledge of Information Security standards (ISO/IEC 27001, 27002, NIST CSF, NIST SP 800-53, CIS Controls).
