International Rescue Committee - New York, NY
posted 18 days ago
Full-time - Mid Level
Remote - New York, NY
Social Assistance
About the position
The International Rescue Committee (IRC) is seeking an experienced Information Security Governance, Risk, and Compliance (GRC) Manager to lead and enhance the GRC function within the Global Information Security (GIS) department. This role involves strategic partnership with senior leadership, optimizing existing GIS services, and innovating GRC initiatives to meet the organization's dynamic needs. The ideal candidate will excel in an autonomous capacity and be responsible for aligning GRC efforts with organizational goals, managing risks, ensuring compliance, and fostering a culture of security and accountability across the organization.
Responsibilities
- Act as a strategic partner to senior leadership, aligning GRC efforts with organizational goals.
- Formalize and enhance the metrics program for consistent reporting on key information security metrics.
- Drive a comprehensive security training and awareness initiative for all staff.
- Implement and optimize IRC's GRC platform to support strategic objectives.
- Identify, assess, prioritize, mitigate, and monitor risks in alignment with IRC's risk appetite.
- Facilitate regular interviews for risk identification and business impact analysis.
- Maintain the IT Risk Register and refine strategic approaches to mitigate risks.
- Lead third-party risk management efforts and oversee the Vendor Risk Assessment module.
- Ensure compliance with relevant laws, regulations, and industry standards.
- Partner with Legal and Supply Chain for contract reviews and security obligations.
- Strengthen organizational understanding of policies and conduct regular compliance assessments.
- Coordinate IT audits, cyber risk assessments, and control assurance activities.
- Maintain awareness of emerging threats and best practices in cybersecurity and compliance.
- Develop internal processes to address compliance needs in evolving regulatory landscapes.
- Establish and report on key GRC metrics to measure program effectiveness.
- Foster a culture of security and compliance across the organization.
Requirements
- Relevant Bachelor's degree; Master's degree in Computer Science, Security or related field highly desired.
- At least 5-7 years of GRC program experience, including 2 years of functional ownership.
- Experience in a global organization; nonprofit experience desired.
- Demonstrated skills in global GRC program development and implementation.
- Strong leadership skills and experience forming internal working groups related to information security.
- Independent problem-solving and proactive approach to strategic decisions.
- Proficiency in managing third-party/vendor risk assessments and compliance.
- Deep knowledge of cybersecurity, IT risk management, and data privacy laws.
Nice-to-haves
- Certifications such as CISSP, CISM, CRISC, or other related certifications are desirable.
- Proficiency in data analysis techniques and tools, e.g., PowerBI/Tableau.
- Language skills in French and Arabic are a plus.
Benefits
- 10 sick days
- 10 US holidays
- 20-25 paid time off days depending on role and tenure
- Medical insurance starting at $143 per month
- Dental insurance starting at $6.50 per month
- Vision insurance starting at $5 per month
- FSA for healthcare and commuter costs
- 403b retirement savings plan with immediately vested matching
- Disability and life insurance
- Employee Assistance Program for counseling and care support.
