Security GRC Manager

November 23, 2024

Apply Now

Receive Emails with Similar Jobs

Rightway

WebsiteLinkedInAll Job Openings

Care Navigation and PBM

201 - 500 employees

⚕️ Healthcare Insurance

☁️ SaaS

🤝 B2B

💰 $100M Series C on 2021-03

Description

• Join Rightway as a trailblazing Security GRC Manager, a crucial role that will empower you to shape the foundation of the GRC function. • At Rightway, you will lead the charge to streamline procedures, mature the risk management program, and champion HITRUST and AI certifications. • Lead annual renewal of Rightway’s joint SOC2/HITRUST attestation partnering with Engineering, IT, People, and Finance. • Develop a comprehensive control library, mapping our control activities to multiple frameworks (SOC2, HITRUST, and NY DFS) to prepare for future customer and regulatory obligations. • Lead the evolution of business continuity planning and testing, honing the focus on a Business Impact Analysis (BIA) informed program. • Streamline operations by designing policies and procedures to balance compliance with operational efficiency at a rapidly scaling organization. • Take the helm in monitoring, measuring, and reporting on controls effectiveness and maturity using standard frameworks and models where applicable. • Leverage AI tooling to optimize and execute a flexible yet thorough Third Party “Vendor” Risk Management (TPRM) program. • Participate in assessment, triage, tracking, and remediation of Security risks, in addition to annual risk assessments activities e.g., HIPAA SRA. • Leverage novel tooling, including AI, to enhance RFP and questionnaire responses for security questions, assisting the Proposal Unit as needed.

Requirements

• 5-10 years of related work experience. • Proven experience leading HISRUST, SOC2, ISO 27001, or similar framework in a high growth environment. • A professional who understands how to mature controls consistent with organizational maturity and capacity. • Maintains a certification relevant to the role (e.g., CCSFP, CISA, CISM). • A deep understanding of risk assessment methodology. • Passionate advocate for governance, risk, and compliance, believing that these are not merely check box activities, but vital tools that significantly improve security posture and protect the organization. • Possess an intermediate to advanced understanding of the Software Development Life Cycle and of IT and security tooling as it relates to controls (e.g. AWS, OKTA, JIRA, GIT/GITHUB).