SENIOR MANAGER, GOVERNANCE, RISK MANAGEMENT, AND COMPLIANCE (GRC)

Job Category: QA & Compliance Roles

JOB SUMMARY:

We are seeking an experienced Senior Manager of Governance, Risk Management, and Compliance (GRC) to lead our efforts in maintaining compliance with various regulatory and security frameworks. This role requires a deep understanding of security, compliance, regulatory frameworks, platform management, vendor security reviews, and customer interactions. The ideal candidate will have a strong ability to collaborate across functions and provide valuable insights and leadership in enhancing our security and compliance posture.

RESPONSIBILITIES AND DUTIES:

  • Lead the organization’s compliance efforts across PCI, SOC 2, FedRAMP, StateRAMP, ISO 2700x, and other frameworks.
  • Coordinate with third-party auditing firms to facilitate audits and provide necessary evidence.
  • Drive resolutions for audit findings through effective control implementation.
  • Manage the implementation of SOC 2 and NIST frameworks to assess and enhance security maturity.
  • Utilize the GRC platform for ongoing compliance monitoring and improvement.
  • Collaborate with legal and security teams for data protection compliance in contracts and DPAs.
  • Conduct security assessments of third-party vendors and partners.
  • Respond to customer inquiries regarding security attestations and compliance.
  • Foster synergy between security and compliance functions, ensuring aligned strategies and initiatives.

QUALIFICATIONS:

  • Bachelor’s degree in Computer Science, Information Security, Risk Management, or related field, or equivalent work experience.
  • Experience with regulatory frameworks and standards such as ISO 27001, NIST Cybersecurity Framework, or PCI DSS.
  • 5+ years of experience in GRC roles with a focus on information security and technology.
  • Proven track record in developing and implementing governance frameworks and compliance programs.
  • Familiarity with risk assessment techniques and security controls.
  • Experience with compliance audits, assessments, and Privacy Impact Assessments.
  • Strong understanding of GDPR, HIPAA, and business process-related risks.
  • Excellent communication skills and ability to engage with stakeholders at all levels.
  • Knowledge of ISO 27001, NIST Cybersecurity Framework, or PCI DSS.
  • Professional certifications like CISA, CRISC, CISSP, or CISM are highly desirable.

OPPORTUNITY DETAILS:

This role is perfect for a proactive leader dedicated to maintaining the highest standards of governance, risk management, and compliance in the ever-evolving landscape of information security. If you have the required experience and are passionate about driving compliance and security initiatives, we encourage you to apply.

ABOUT CURATE:

At Curate Partners, we are not just a staffing agency; we are a bridge to innovation in the digital and data transformation landscape. Our mission is to match dynamic organizations with the ‘Purple Squirrels’ of the talent world—those rare, innovative drivers with unique skills that catalyze change and propel transformation journeys. With a focus on specialized talent, we empower companies and individuals alike to achieve groundbreaking success in their respective fields. Join us, and become part of a purpose-driven team committed to making a measurable impact while advancing your career alongside the most sought-after professionals in the industry.

EQUAL OPPORTUNITY EMPLOYER:

Curate Partners and their clients are committed to fostering, cultivating, and preserving a culture of diversity, equity, and inclusion. We embrace the unique contributions that each ‘Purple Squirrel’ brings to our team, regardless of their age, gender, race, ethnicity, national origin, disability status, sexual orientation, or religious belief. We believe that our strength lies in our diversity and in our unified pursuit of innovation, excellence, and transformative success. We are dedicated to providing an environment where all employees and consultants feel valued, included, and empowered to bring their authentic selves to work every day. Join us in our commitment to creating a diverse, inclusive, and innovative workspace where every ‘Purple Squirrel’ can thrive.

FAQ:

  • Q: What qualifications are required for the Senior Manager of GRC role?
    • A: Required qualifications include a Bachelor’s degree in relevant fields, 5+ years of experience in GRC roles, familiarity with regulatory frameworks such as ISO 27001 and NIST, and professional certifications like CISA, CRISC, CISSP, or CISM.
  • Q: What are the key responsibilities of the Senior Manager of GRC?
    • A: Key responsibilities include leading compliance efforts across various frameworks, coordinating with auditing firms, driving resolutions for audit findings, managing security assessments of third-party vendors, and fostering synergy between security and compliance functions.
