Develop, maintain, monitor and enforce IT policies and procedures, and lead the implementation and monitoring of Information Risk Management processes to ensure organization-wide compliance
Job Summary
Develop, maintain, monitor and enforce IT policies and procedures, and lead the implementation and monitoring of Information Risk Management processes to ensure organization-wide compliance.
Coordinate internal audits, external audits, attestations, and certification programs (HIPAA, PCI DSS, ISO 27001, HITRUST, URAC, SOC 2) and perform regulatory compliance assessments, gap analyses, and readiness reviews.
Manage risks related to IT, security, privacy, regulatory compliance, and governance, including emerging technology risk areas, and work efficiently within frameworks including NIST CSF, CIS Controls, HIPAA, PCI DSS, ITIL, and others.
Skills & Requirements
Must-have
IT policies and procedures
Information Risk Management
regulatory compliance assessments
Integrated Control Framework
security exception reviews
emerging technology risk management
GRC tool administration
Nice-to-have
strong project management capabilities
comfortable in dynamic environments
ability to work independently or collaboratively
communicating IT and security risk concepts
Key Requirements
Bachelor’s degree in computer science or related field
Minimum 6 years of experience in Information Security and GRC
2 years of experience in Healthcare, Pharma, or Biotechnology
Strong experience in GRC tool lifecycle management
Preferred Certifications: ISO 27001, ISO 42001, CISM, CRISC, CISA