Governance Risk & Compliance (GRC) Manager
Governance Risk & Compliance (GRC) Manager
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Job Description
Title: Governance Risk & Compliance (GRC) Manager
State Role Title: Salary Non-Specified
Hiring Range: $148496 - $165000
Pay Band: UG
Agency: Virginia Retirement System
Location:Virginia Retirement System
Agency Website: Type: General Public - G
Job Duties
The GRC Manager plays a critical role in developing and maintaining a robust security framework that supports the organizations risk management and compliance objectives. This position is responsible for identifying assessing mitigating and monitoring risks across the enterprise while ensuring adherence to applicable laws regulations and internal policies.
This role requires a strategic thinker with strong leadership skills and a deep understanding of information security risk management and regulatory compliance.
Essential functions include but not limited to:
Risk Assessment and Management:
Conduct regular risk assessments across all organizational functions to identify potential risks and their impact.
Prioritize risks based on severity and likelihood and develop mitigation strategies.
Maintain a risk register to track identified risks mitigation actions and progress.
Perform security reviews on VRS systems to ensure CIA best practices are being followed and maintained.
Compliance Management:
Monitor compliance with applicable laws regulations and COV controls.
Develop and implement compliance policies and procedures.
Conduct compliance audits and reviews to identify gaps and ensure adherence.
Conduct quality assurance reviews and assess compliance with policies and standards.
Coordinate the Security Teams response to audit request.
Proactively monitor for potential audit points or issues. Remediate before they become audit findings.
Governance Framework:
Establish and maintain a robust governance framework including clear roles and responsibilities for risk management.
Facilitate communication and collaboration between different departments regarding risk and compliance matters.
Develop key performance indicators (KPIs) to measure the effectiveness of GRC initiatives.
Defines updates and enforces security policies to reduce risk.
Performs and approves security reviews and recommendations on proposed and new software and hardware solutions.
Reporting and Communication:
Prepare regular reports on risk and compliance status for management.
Communicate critical risk issues and mitigation plans to relevant stakeholders.
Provide training and awareness programs on GRC policies and procedures
Report metrics on compliance adherence.
Develop and enforce Information Security principles and policies (such as COV Security Policies HIPPA NIST 800-53 standards.
Participate in on-call rotation that provides security support outside of normal business hours
All other duties as assigned.
Minimum Qualifications
Bachelors degree in computer science or a closely related field.
Ten (10) years of experience in Governance Risk and Compliance with at least 5 years in a management role or an equivalent combination of education and experience.
Additional Considerations
Experience in a financial organization preferred.
Certification such as ISC2 CISSP CGRC or equivalent security certifications preferred.
Prior experience as an ISSO or BISO preferred.
Special Instructions
You will be provided a confirmation of receipt when your application and/or rsum is submitted successfully. Please refer to Your Application in your account to check the status of your application for this position.
Contact Information
Name: Human Resources
Email:
In support of the Commonwealths commitment to inclusion we are encouraging individuals with disabilities to apply through the Commonwealth Alternative Hiring Process. To be considered for this opportunity applicants will need to provide their AHP Letter (formerly COD) provided by the Department for Aging & Rehabilitative Services (DARS) or the Department for the Blind & Vision Impaired (DBVI). Service-Connected Veterans are encouraged to answer Veteran status questions and submit their disability documentation if applicable to DARS/DBVI to get their AHP Letter. Requesting an AHP Letter can be found at AHP Letter or by calling DARS at .
Note: Applicants who received a Certificate of Disability from DARS or DBVI dated between April 1 2022- February 29 2024 can still use that COD as applicable documentation for the Alternative Hiring Process.
Required Experience:
Manager
Employment Type
Full-Time
