Governance, Risk and Compliance (GRC) Manager
Vail Systems is seeking a Governance, Risk and Compliance (GRC) Manager who assists in developing and managing an Information Security policy roadmap and refresh schedule based on risk, information security priorities and Vail’s business objectives. As a GRC Manager, you will be expected to assist with the enhancement of our security awareness program. You would execute strategy for dealing with an increasing number of audits, compliance checks and external assessment processes for internal/external auditors in regard to SOC 2, HIPAA and PCI. This role will perform as an individual contributor but may oversee or provide direction for work performed by other parties. The role is also team oriented as you will collaborate with other highly technical engineering staff.
The ideal candidate will have a strong risk management background to successfully lead the development and implementation of a system-wide risk management function and to ensure information security risks are monitored, identified and mitigated appropriately. Additionally, the candidate will be a continual learner, self-motivated, and detail oriented.
What you’ll do:
- Collaborate with cross-functional stakeholders to implement and monitor compliance program requirements throughout the organization.
- Coordinate and track all information technology and security-related audits including managing scope, timelines, external agencies and audit outcomes.
- Maintain an up-to-date understanding of emerging trends in information security threats and risks and apply new techniques and trends in line with overall information security objectives and organizational risk appetite.
- Stay abreast of legal and regulatory changes that could impact enterprise policies.
- Assist in creating and implementing Privacy and IT Risk Management programs.
- Work collaboratively on and lead cross-functional projects related to data governance, data protection and privacy by design.
- Coordinate Disaster Recovery tests across the organization.
- Employ numerous proactive risk identification and risk reduction strategies to prevent and/or rectify concerns.
- Assist with maintaining the Third-Party Vendor Management (TPVM) procedure and enhancement of frameworks and processes.
- Assess, monitor and track TPVM lifecycle activities including risk assessment & due diligence, contract review, ongoing monitoring and termination.
- Provide TPVM guidance to internal customers.
- Update the TPVM procedure to ensure alignment with policy and update risk rating methodology periodically.
- Prepare aggregated third-party risk reports on risk data and analysis including concentration analysis.
- Update risk rating methodology periodically.
- Ad hoc duties as requested.
Minimum qualifications:
- A Bachelor’s degree in Information Technology or a similar field.
- 10+ years of experience in a Risk Management practice or Information Security/IT Audit role.
- Knowledge of information security risk management frameworks and compliance practices.
- Proficiency in developing security standards and guidelines based on industry best practices and standards.
- Knowledge of common security standards and regulations such as SOC 2, PCI, HIPAA, etc.
- Excellent interpersonal communication and presentation skills.
- Excellent written and verbal communication skills.
- Formal report writing experience.
- CISA, CRISC and/or CISSP certifications.
Preferred qualifications:
- Familiarity with the CIS Critical Security Controls.
- Experience managing projects and/or direct reports.
About Us
The human voice is capable of conveying nuances and meaning that just can’t be expressed through clicks and text messages. And for that reason, voice interactions have always had a special power to shape your perception and experiences. At Vail, we believe in the unique power of voice interactions to create more expressive, more intimate, and more efficient interpersonal interactions. Our experts work with Fortune 500 companies to help them serve their customers more efficiently and effectively through the use of various voice technologies. From basic network services, to state-of-the-art IP telephony, to cutting edge real-time analytics, Vail technology makes millions of voice interactions better every day.
Organizational Culture
At Vail Systems we strive to cultivate a supportive culture of continuous learning where employees are encouraged to achieve both personal and team goals by providing innovative telephony solutions that enhance customer contact center experiences. We entrust our employees to work autonomously and also encourage contribution to the decision-making process in a highly collaborative environment where open communication is fostered amongst teams. Product development is centered around the end user to ensure Vail’s products are efficient, productive and add value for our clients.