Position Objective:
The Governance, Risk Management, and Compliance (GRC) Manager is responsible for assessing, documenting, and maintaining stewardship of MDRC’s compliance and risk posture related to information technology assets. This position aims to provide highly skilled technical and information security expertise for developing and implementing MDRC’s information security risk management program. The GRC Manager provides leadership and project management expertise to ensure adherence to corporate standards, perform ongoing risk assessment, increase awareness through training, develop policies, standards, and guidelines, and ensure effective and continuous system-wide security analysis and monitoring is taking place.
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. Reasonable accommodations may enable qualified individuals with disabilities to perform the essential functions unless this causes undue hardship to the organization.
Essential Functions:
- Lead the development and implementation of the corporate-wide IT risk management program to ensure information security risks are identified and continuously monitored.
- Assess, evaluate, and make recommendations to senior management regarding the adequacy of the security controls for MDRC's information and technology systems and associated business processes.
- Develop and implement effective and reasonable policies, procedures, and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
- Execute strategy for dealing with increasing audits, compliance checks, and external assessment processes for internal/external auditors, such as NIST 800-53/FISMA/FedRAMP.
- Recruit, train, support, and retain talented IT GRC analysts.
Educational Requirements:
- Bachelor’s degree in Computer Science, Information Technology, or other relevant field of study or equivalent experience in an information technology or business administration capacity.
- Master’s degree preferred but not required.
Skills and/or Experience Required:
- Extensive knowledge of the software and hardware systems utilized by MDRC.
- Extensive knowledge of information security risk frameworks and compliance practices such as NIST 800-53.
- Key Technologies: AWS Cloud Engineering, Splunk, Okta, Qualys, Crowdstrike, Qualtrics, Acquia, Box, and other cyber security solutions.
- Requires ten years of experience with IT support, operations, and team management.
- Excellent interpersonal, communication, and presentation skills, including formal report writing experience.
- Experience performing risk assessments and information security auditing processes.