As part of the Information Security department at Consensus, the Governance, Risk and Compliance (GRC) Manager will be an innovative, self-driven team player who will educate, provide guidance, and drive our Risk Management program for information security and compliance throughout the company.
This individual is a business partner and enabler who is seen as a trusted adviser and partner for various departments (Legal, Finance, Internal Audit, Technology, Customer Service, Marketing, etc.) and teams.
The role will serve as the point of contact between the company and vendors/customers and all regulatory supervisory authorities.
This position reports directly to the CISO.

Responsibilities:
- Provide support to the governance, risk and compliance management program to achieve certifications such as ISO 27001/27002, HITRUST, NIST, SOC 2 Type 2, PCI-DSS and others as appropriate.
- Conduct security risk assessments across the organization, rank security risks, articulate risk in terms of business impact, and suggest reasonable strategies to mitigate risks.
- Liaise closely with the Consensus Internal Audit team, business leaders, external auditors and customers.
- Conduct acquisition target and vendor security risk assessments to provide risk-based recommendations to the organization and evaluate the company's risk posture.
- Serve as a company representative with prospects, customers, and partners by assisting with completing security questionnaires, assessments and audits.
- Provide Information Security consulting and security awareness education to the business.
- Coordinate and manage assessments and audit initiatives set forth by the CISO and business lines.
- Maintain records of Consensus information security risks, both internal and external, tracking remediation status of those risks.
- Ensure appropriate processes and systems are in place to protect data.
- Develop, maintain, and enforce strong information security policies, procedures, and position papers.

Requirements:
- 5 years of IT Systems/Information Assurance experience.
- Demonstrated experience working with regulatory requirements and standards (PCI-DSS, SOC, HIPAA, HITRUST, ISO, BSI, GDPR, etc.) and frameworks (ISO, NIST, OWASP, etc.).
- The ability to communicate complex security risks to non-technical staff.
- Strong work ethic, attention to detail, and organizational skills.
- Ability to multi-task and manage priorities in a fast-paced environment.
- Ability to collaborate in a team setting, as well as work independently.
- Big-4/Consulting experience is preferred.
- Relevant certification(s) are preferred (e.g., CRISC, CISSP, CISM, CISA, CCSK).
- Experience with on-prem and Cloud environments.
- Willingness and ability to travel domestically and internationally when needed.
- Experience working in a heavily regulated and/or audited environment.
- Bachelor's degree desired; advanced degree (in computer science or information systems) preferred.
- 3 years of compliance, risk management, or audit experience desired.