Manager, GRC Risk Management

What We're Looking For

We are seeking a driven senior Risk Management professional to advance our enterprise wide information security risk management and audit readiness initiatives. This role focuses on driving risk identification, quantification, remediation tracking, and readiness across security and compliance frameworks. The ideal candidate is an experienced risk leader with strong program management and people management skills who can balance strategic oversight with hands-on execution. They will ensure risks are transparently communicated, aligned with organizational objectives, and continuously monitored through automated systems and analytics platforms.

What You Will Do

• Work remotely from anywhere in the United States
• Lead the identification, evaluation, and quantification of information security risks using standardized methodologies.
• Develop and maintain information security risk register, ensuring consistent classification, ownership, and prioritization.
• Translate technical risks into business impact metrics that support data-driven decision-making by leadership.
• Support the definition and refinement of risk appetite, tolerance, and key risk indicators (KRIs).
• Manage end-to-end remediation lifecycle for audit findings, risk exceptions, and control gaps.
• Partner with control owners and system teams to document, track, and validate remediation progress.
• Develop dashboards and reports to visualize remediation status and risk trends.
• Facilitate risk acceptance and exception processes, ensuring appropriate business justification and executive visibility.
• Partner with technical and compliance teams to develop and implement AI governance controls and risk assessments.
• Track AI-related regulatory developments and support readiness for future standards (e.g., EU AI Act, NIST AI RMF).
• Provide expert support for compliance activities related to HITRUST, HIPAA, ISO 27001, PCI, SOC 2, FedRAMP and other relevant frameworks, ensuring adherence to industry standards and regulations.
• You will also be expected to support your peers across the security team by contributing to policy and standards development, collaborating on data governance initiatives, assisting with vendor security assessments, and supporting awareness and training programs.

What You Need to Succeed

• Experience: A minimum of 6 years in security risk management including risk assessment and remediation. Minimum 1 year of direct people management experience leading remote teams. Proven track record of program management, including building and scaling cross-functional security initiatives.
• Technical Proficiency: Proven experience in performing technical risk assessments and documentation of key controls and security processes, with a solid understanding of IT processes and industry best practices.
• Analytical Skills: Strong analytical and problem-solving abilities, with a keen attention to detail and the capacity to manage multiple priorities in a fast-paced environment.
• Communication Skills: Excellent communication and interpersonal skills, capable of effectively engaging with cross-functional teams and stakeholders across all levels of leadership.
• Adaptability: Ability to operate effectively in ambiguous situations, demonstrating flexibility and resilience.

What Helps you Standout

• Experience: Additional experience in program management and security audits or control assessments based on security and privacy frameworks such as HITRUST, HIPAA, ISO 27001, PCI, SOC 2, NIST 800-53, or FedRAMP.
• Certifications: Possession of industry-recognized security, audit or related professional certifications such as CRISC, CISSP, CISA, or CISM.
• Healthcare Industry Experience: Prior experience in IT security and GRC functions within the healthcare sector.
• AI Knowledge: Familiarity with AI governance and emerging risk management frameworks.
• GRC and Analytics Tooling Experience: Hands-on experience with GRC platforms such as TrustCloud, OnSpring, or Riskonnect for risk tracking, control mapping, and audit readiness. Proficiency in Power BI for developing dashboards and visualizations that communicate risk, remediation, and compliance trends to leadership.