GRC Manager

---

Job description

Essential Functions:

Lead the development and implementation of the corporate-wide IT risk management program to ensure information security risks are identified and continuously monitored.

Assess, evaluate, and make recommendations to senior management regarding the adequacy of the security controls for MDRC's information and technology systems and associated business processes.

Develop and implement effective and reasonable policies, procedures, and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.

Execute strategy for dealing with increasing audits, compliance checks, and external assessment processes for internal/external auditors, such as NIST 800-53/FISMA/FedRAMP.

Recruit, train, support, and retain talented IT GRC analysts.

Educational Requirements:

Bachelor's degree in Computer Science, Information Technology, or other relevant field of study or equivalent experience in an information technology or business administration capacity.

Master's degree preferred but not required.

Skills and/or Experience Required:

Extensive knowledge of the software and hardware systems utilized by MDRC.

Extensive knowledge of information security risk frameworks and compliance practices such as NIST 800-53.

Key Technologies: AWS Cloud Engineering, Splunk, Okta, Qualys, Crowdstrike, Qualtrics, Acquia, Box, and other cyber security solutions.

Requires ten years of experience with IT support, operations, and team management.

Excellent interpersonal, communication, and presentation skills, including formal report writing experience.

Experience performing risk assessments and information security auditing processes.

<!– job description page –>