
Governance, Risk, & Compliance (GRC) Manager

Posted : Wednesday, March 06, 2024 01:00 PM

Position Description

The Governance, Risk, & Compliance (GRC) Manager at the United Network for Organ Sharing (UNOS) plays an integral role in strengthening our security posture.
This position is pivotal in building out and continuously improving the GRC program, focusing on compliance management, risk assessment, cybersecurity strategy, & resilience.
The role requires collaboration with the Director and Assistant Director of Information Security, and across the entire organization, to cultivate robust third-party/vendor risk management.
The person in this role will develop and evolve audit processes, member security, and training initiatives.
The person in this role will collaborate with the Member Security Program Manager to continue to build capabilities for data use and system interconnection agreement management.
Key Responsibilities:

Lead the development and implementation of GRC strategies, ensuring alignment with industry standards and organizational goals.
Develop and oversee third-party/vendor security risk assessments, ensuring vendors comply with company and industry security standards.
Develop internal audit capabilities and manage external audit processes, including preparation, execution, and follow-up actions.
Maintain Interconnection Security Agreements (ISAs) and Data Use Agreements (DUAs) to ensure secure data sharing practices.
Work with the Member Security Program Manager to enhance the Member Security program, focusing on attestations, audits, and efficient incident management.
Build on the existing culture of security mindfulness across the organization by evolving cybersecurity awareness and training programs.
Ensure compliance with legal, regulatory, and policy requirements in the information security domain.
Collaborate in the continuous improvement of Information Security across the organization in alignment with NIST guidelines (NIST SP 800-37, NIST SP 800-39, NIST SP 800-53, NIST SP 800-53A, NIST SP 800-137, NIST 800-171) and applicable industry best practices.
Provide leadership in incident response planning and execution, minimizing impact and ensuring swift recovery.
Facilitate cross-functional communication to integrate security best practices in various business processes.
Mentor and lead a team of security professionals, fostering a collaborative and productive work environment.
Stay abreast of emerging cybersecurity trends, threats, and technologies to inform strategic planning and risk mitigation efforts.
Minimum Requirements

8+ years of experience in Information Security, with a focus on Governance, Risk, and Compliance.

Critical Skills

Proven leadership experience in managing teams and cross-functional projects.
Strong understanding of NIST frameworks, particularly NIST SP 800-37, NIST SP 800-39, NIST SP 800-53, NIST SP 800-53A, NIST SP 800-137, and NIST 800-171.
Prior experience in managing compliance with legal, regulatory, and policy requirements in information security.
Familiarity or direct experience with DevSecOps and Zero Trust preferred.
Additional Skills & Qualifications

Exceptional leadership and team management abilities.
Excellent communication and people skills, capable of engaging effectively with various stakeholders and articulating risks to non-technical stakeholders.
Ability to negotiate and influence decision-making processes.
Strong organizational and project management skills.
Demonstrated ability to think strategically and execute tactically.
Robust problem-solving skills with a focus on innovative and efficient solutions.
Proficiency in risk assessment methodologies and cybersecurity best practices.
Keen attention to detail and commitment to high-quality standards.
Education

4-year degree in Business Administration, Finance, Accounting, Law, Information Technology, or related field of study, or a related industry credential (e.g., CRISC, CCEP, CISA, CIA, CISM) along with an equivalent level of professional work experience.

Physical Requirements

General office demands.

About Us

The United Network for Organ Sharing (UNOS) coordinates the nation’s organ transplant system, providing vital services to meet the needs of men, women and children awaiting lifesaving organ transplants.
Based in Richmond, Va., UNOS is a private, nonprofit membership organization.
UNOS members encompass every transplant hospital, tissue matching laboratory and organ procurement organization in the United States, as well as voluntary health and professional societies, ethicists, transplant patients and organ donor advocates.
Top Workplace in Richmond since 2014

UNOS is a great place to work! We have been named a Top Workplace in Richmond by the Richmond Times-Dispatch for 10 years in a row.

Virginia Values Veterans Certified

UNOS is V3-certified! V3-certified companies work with the Department of Veterans Services and other strategic partners to support Virginia’s Veterans.

UNOS Benefits

For information on UNOS, including more information on employee benefits, take a look at the UNOS Employee Benefits Summary.

Authorization

Must be authorized to work in the US.
Sponsorship is not available for this position.
Agency Statement

No Agencies Please.

UNOS provides equal employment opportunity for all applicants and employees.
It will not unlawfully discriminate or permit harassment against any employee or applicant on the basis of race, ethnicity, color, religion, national origin, gender, age, disability, familial or marital status, military or veteran status, sexual orientation, gender identity and expression, genetic information, or any other characteristics or classification protected under applicable law (“protected categories”).
This policy applies not only to hiring, but also to working conditions, benefits and privileges of employment, training, appointments for advancement, transfers, layoffs, recalls, terminations of employment and all other terms and conditions of employment.
UNOS is also an affirmative action employer.
It takes affirmative action to recruit and provide opportunities for advancement to qualified females and minorities, individuals with disabilities, special disabled veterans and other protected veterans.
It hires and promotes based on job-related requirements and individual qualifications.
Action is taken to ensure the fulfillment of this policy as to all phases of the employment process including hiring, placement, training, upgrading, transfers and/or demotions, recruiting, layoffs and termination of employment.
UNOS invites individuals with disabilities and protected veterans to identify themselves, if they wish to do so.
Such communication will be kept as confidential as possible and will be used only in accordance with the law.
Candidates may contact the EEO/AA Officer at human.resources@unos.org to self-identify or request an accommodation.
EEO is the Law | EEO is the Law Supplement | E-Verify Participation English/Spanish | Right to Work | Right to Work Spanish | Pay Transparency

• Phone : NA

• Location : 700 N 4th St, Richmond, VA

• Post ID: 9109485731

