International Rescue Committee - New York, NY
posted 19 days ago
Full-time - Senior
Remote - New York, NY
Social Assistance
About the position
The International Rescue Committee (IRC) is seeking an experienced Information Security Governance, Risk, and Compliance (GRC) Manager to lead and enhance the GRC function within the Global Information Security (GIS) department. This role involves aligning GRC efforts with organizational goals, managing information security risks, ensuring compliance with relevant laws and regulations, and fostering a culture of security and compliance across the organization. The ideal candidate will be a self-starter capable of optimizing existing services and innovating new offerings within the GRC framework.
Responsibilities
- Act as a strategic partner to senior leadership, aligning GRC efforts with organizational goals.
- Formalize and enhance the metrics program for consistent reporting on key information security metrics.
- Drive a comprehensive security training and awareness initiative for all staff.
- Implement and optimize IRC's GRC platform to support strategic objectives.
- Identify, assess, prioritize, mitigate, and monitor risks in alignment with IRC's risk appetite.
- Facilitate risk identification and assessment through interviews with Asset Owners and Custodians.
- Maintain the IT Risk Register and refine strategic approaches to mitigate identified risks.
- Lead third-party risk management efforts and oversee the Vendor Risk Assessment module.
- Ensure compliance with relevant laws, regulations, and industry standards.
- Partner with Legal and Supply Chain teams for contract reviews and updates.
- Conduct regular assessments to measure and improve workforce compliance.
- Coordinate IT audits, cyber risk assessments, and control assurance activities.
- Maintain awareness of emerging threats and best practices in cybersecurity and compliance.
- Develop internal processes and policies to address compliance needs in evolving regulatory landscapes.
- Foster a culture of security and compliance across the organization.
Requirements
- Relevant Bachelor's degree; Master's degree in Computer Science, Security or related highly desired.
- At least 5-7 years GRC program experience required, including at least 2 years of functional ownership.
- At least 2 years in a global organization; nonprofit experience desired.
- Strong leadership skills and experience forming internal working groups related to information security.
- Proactive analytical and critical thinking skills.
- Hands-on experience with GRC platform implementation and operation.
- Deep knowledge of cybersecurity, IT risk management, incident response, and data privacy laws.
- Effective communication and stakeholder engagement skills.
Nice-to-haves
- Proficiency in data analysis techniques and tools, e.g., PowerBI/Tableau.
- Certifications such as CISSP, CISM, CRISC, or other related certifications.
Benefits
- 403(b) matching
- Disability insurance
- Health insurance
- Dental insurance
- Flexible spending account
- Paid time off
- Employee assistance program
- Life insurance
