Lead Manager, Security Governance, Risk & Compliance
Make-A-Wish America · Phoenix, AZ · 2 mo ago
RemoteRemoteInformation Technology$76k–$92k/yrFull-time
Position Summary
Work with a growing Information Technology Security team to support the organization's Governance, Risk, and Compliance (GRC) efforts. This role assists in maintaining policies, assessing risks, and ensuring compliance with regulatory requirements and internal standards. This position assists in the identification of control gaps, the development of remediation plans, and the monitoring of compliance activities. This position will contribute to activities such as audits, documentation, GRC application maintenance and the implementation of security controls, under the guidance of senior team members.
Duties & Responsibilities
- Assist in the development, implementation, and maintenance of GRC frameworks and managing third-party risk.
- Contribute to the assessment and mitigation of organizational risks.
- Maintain internal policies, standards and security baselines, oriented toward compliance and regulatory standards - as well as, enforcement of secure practices.
- Manage risk acceptance and policy exception processes, ingesting risks and creating tracking, reporting and accountability mechanisms.
- Participate in audits of security controls and processes.
- Aid in the development of risk training and awareness programs.
- Perform vendor and product risk assessments, to align vendors and products with applicable standards, policies and security baselines.
- Create and maintain vendor questionnaire and Data Protection Agreements (DPA).
- Assist Legal with vendor reviews and responses.
- Conduct audits of third-party security controls, processes and vendor performance compliance and address and risks that arise.
- Maintain GRC monitoring applications.
Qualifications
- Bachelor’s degree in Computer Science or related technology field or equivalent experience required.
- 5+ years of total experience with 2+ years of hands-on experience designing, building, and supporting enterprise GRC and TPRM solutions.
- Understanding of GRC concepts and frameworks (e.g., ISO 27001, NIST, Cybersecurity Framework (CSF), SOC, GDPR)
- Experience: IT Compliance, IT Audit, IT Security, Cloud Security, PCI, HITRUST, HIPPA, GRC, Risk management, Risk analysis
- Proficiency in Microsoft Office Suite (Word, Excel, PowerPoint).
- Relevant and Current Certifications Preferred: e.g., Certified in Governance, Risk and Compliance (CGRC), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), GRC Professional (GRCP), etc.
- Knowledge and experience with OneTrust Tools is preferred.
Working Environment
- Ability to thrive in a remote environment.
- Some travel required.
- May require work outside a traditional Monday – Friday work week, and outside normal business hours.
What We Offer
- Comprehensive benefit package, effective day 1: Medical, Vision*, Dental*, Wellness
- Competitive compensation with annual incentive potential
- Health Savings Account and Flexible Spending Account Options
- Health Reimbursement Account fully funded by Make-A-Wish America
- Short Term Disability*, Long Term Disability* and Life Insurance
- Additional Insurance Plans: Accident, Critical Illness, Hospital Indemnity, Pet Insurance through Figo
- 401(k) Retirement Savings Plan with 5% match after one year of service
- Eligibility for student loan forgiveness through the Public Service Loan Forgiveness Program
- The organization will send a laptop, 24” monitor, and a docking station/adaptor to new hires
- Time Off: Competitive PTO starting at 15 days, with enhanced time off for senior roles
- 10 Sick Days
- 11 Paid Holidays
- 2 Volunteer Days after one year of service
- 2 Personal Days accrued annually
- Parental Leave
- Employee Awards and Recognition Programs
- Individual and Leadership Development
- Discounts and special offers for theme parks, events, hotels, concerts, and movie tickets
- *Monthly premiums paid for the employee for vision, dental, and short/long term disability.