Talent.com
Senior Principal, IT Governance, Risk and Compliance (GRC)

American Red Cross • New York, NY, United States

Please use Google Chrome or Mozilla Firefox when accessing Candidate Home.

By joining the American Red Cross you will touch millions of lives every year and experience the greatness of the human spirit at its best. Are you ready to be part of the world's largest humanitarian network?

Join us - Where your Career is a Force for Good!

Job Description : WHY CHOOSE US?

Joining The American Red Cross is like nothing else - it's as much something you feel as something you do. You become a vital part of the world's largest humanitarian network. Joining a team of welcoming individuals who are exceptional, yet unassuming. Diverse, yet uncompromising in unity. You grow your career within a movement that matters, where success is measured in people helped, communities made whole, and individuals equipped to never stop changing lives and situations for the better.

When you choose to be a force for good, you'll have mentors who empower your growth along a purposeful career path. You align your life's work with an ongoing mission that's bigger than all of us. As you care for others, you're cared for with competitive compensation and benefits. You join a community that respects who you are away from work as much as what you do while at work.

WHAT YOU NEED TO KNOW ABOUT THE JOB :

As the Senior Principal, IT Governance, Risk and Compliance (GRC), you will be primarily responsible for supporting the delivery of a successful governance, risk, and compliance (GRC) program at the American Red Cross.

You will design, implement, and monitor a comprehensive IT policy and control framework, supporting mission-critical business systems and processes leveraging the Red Cross ServiceNow platform for Integrated Risk Management. This framework will meet minimum requirements including NIST 800-53, NIST 800-171, and best practices in IT governance, security, risk, and compliance. Working closely with key stakeholders and cross-functional colleagues, you will advise on the design and execute assessments to identify areas of improvement. You will also work with IT and business leadership to remediate any gaps as a first line of defense.

The primary focus of this position will be serving as the key liaison and coordination point between IT / Business teams and Internal Audit to ensure alignment, transparency, and effective execution of audit-related activities. This role will drive collaboration across teams to support audit readiness, remediation efforts, and continuous improvement of IT controls. In addition, the position will contribute to maturing the American Red Cross GRC program through process optimization, policy development, automation, training, and ongoing enhancement of governance capabilities. This is a unique opportunity to combine IT, audit, and process improvement expertise while working closely with leaders across IT, Information Security, Internal Audit, Finance, and the Office of General Counsel (OGC).

The work location for this exciting opportunity is virtual. The selected candidate will work 100% remotely from home and can be located anywhere in the United States, with a preference to work East Coast hours.

WHERE YOUR CAREER IS A FORCE FOR GOOD (Key Responsibilities) :

Audit Coordination & Support :

  • Work with Internal and External auditors, business stakeholders and suppliers as appropriate on required IT control assessments and audits
  • Provide first level of support and consulting to the business and IT on internal audit activities and results as well as risk mitigation initiatives in response to audit findings
  • Manage overall remediation process and create and oversee action plans to remediate issues

Overall Governance, Risk, and Compliance :

  • Assist the Director, IT Governance, Risk, and Compliance and Senior Director, IT Governance, Risk and Compliance with IT governance and controls, internal and external audit readiness and support, and policy and standard development
  • Responsible for daily governance, risk, control, and compliance functions leveraging ServiceNow
  • Participate in and contribute to the IT Governance, Risk and Compliance program, ensuring IT controls, policies, processes, and procedures support the mission of the Red Cross and meet state and federal regulations and laws, as well as best practices
  • Collaborate with and influence technology and business leaders and staff to create, sustain, and strengthen internal control framework for the organization through control identification, design, implementation, and testing
  • Provide guidance, training, and motivation necessary to create control awareness, ownership and accountability to stakeholders
  • Consult with Information Security, Office of General Counsel / Legal, Supply Management, Risk Management, Audit Services, and other appropriate parties sharing expertise and knowledge to strengthen the Red Cross control environment
  • Interpret regulatory compliance requirements and assist with gap analysis of current policies, procedures, and practices as they relate to established guidelines outlined by NIST-800-53 / 171 / 30 and other regulatory standards
  • Provide guidance, interpretation, and support of SOC 1 and SOC 2 Security Trust criteria
  • Research regulations by reviewing regulatory bulletins and other sources of information, to maintain quality service by establishing and enforcing organization standards
  • Support the maintenance of program processes and procedures using ServiceNow

Control Assessment Process :

  • As a subject matter expert (SME), participate in on-going evaluations and validation of IT control effectiveness and internal business processes via ServiceNow and other tools, as they relate to compliance activities within areas of responsibility
  • Review control documentation to assess the quality and effectiveness of the implemented controls
  • Identify and communicate opportunities to enhance technical controls which contribute to sustaining a robust control environment
  • Document, track, and report on control gap findings, risk, impacts and recommendations to management
  • Participate in the establishment of actionable metrics to drive the control assessment process and influence behaviors to IT Leadership
  • Manage the Exception and Risk Acceptance Process as it relates to control gaps and audit findings

Policy, Standard, and Procedures :

  • Support and assist with coordination and implementation of Information Technology policies and standards to sustain regulatory and compliance initiatives as required by the business needs
  • Work and consult with the President's Office during policy review and communication
  • Analyze policies, standards, procedures, and guidelines for regulatory and compliance requirements, and recommend solutions for identified weaknesses, to improve compliance operations, recommend and assist in changes to best practices

Scope : Individual contributor who is fully proficient in applying subject matter knowledge. Knowledge base acquired from several years of experience in a particular area. Works independently and may instruct or coach other professionals.

Qualified candidates must be authorized to work in the United States. The American Red Cross does not sponsor employment visas.

WHAT YOU NEED TO SUCCEED (required / minimum qualifications) :

  • Bachelor's degree in a related field required (IT, audit, and / or information security) or closely related discipline.
  • Minimum 10 years of related experience or equivalent combination of education and related experience required
  • 3-5 years of experience in Governance, Risk, and Compliance roles with hands-on ServiceNow GRC experience
  • ServiceNow Integrated Risk Management experience is required.
  • Working knowledge of control frameworks, IT general controls, and security controls such as NIST, ISO, COBIT, FedRAMP, SOC 2, ISO 27001
  • Highly motivated and proactive with strong organizational, communication, and project management skills
  • Experience drafting, remediating, or editing of IT policies, standards, procedures and controls
  • Experience working cross-functionally with engineers, product and security teams, and business leaders at all levels of the organization
  • Experience coordinating with internal and / or external audit teams
  • Ability to understand key controls and communicate them in a digestible way to IT technologists, control owners, and senior leaders
  • Strong written and oral communication skills with utilization of appropriate tools (MS Excel, ServiceNow, etc.)
  • Solid analytical and problem-solving skills in process review and issue remediation
  • Open-mindedness, creative thinking, willingness to take calculated risks, and make informed decisions
  • Certifications such as CISA, CISSP, CISM, CRISC are a plus
  • A sense of unparalleled passion, energy, and eagerness to contribute to and support the mission of the Red Cross

PAY INFORMATION :

The annual salary range for this position is $110K - $140K. We do not offer an annual bonus for this role.

Note that American Red Cross salaries are aligned to the specific geographic location in which the work is primarily performed. Other factors that may be used to determine your actual salary may include your specific skills, how many years of experience you have and comparison to other employees already in this role.

We will review specific salary information at the time of phone screening based upon your location & experience.

BENEFITS FOR YOU :

As a mission-based organization, we believe our team needs great support to do great work. Our comprehensive package includes :

  • Medical, Dental, Vision plans
  • Health Spending Accounts & Flexible Spending Accounts
  • PTO : Starting at 15 days a year; based on type of job and tenure
  • Holidays : 11 paid holidays comprised of six core holidays and five floating holidays
  • 401K with up to 6% match
  • Paid Family Leave
  • Employee Assistance
  • Disability and Insurance : Short + Long Term
  • Service Awards and recognition

Apply now! Joining our team will provide you with the opportunity to make your career a force for good!

The American Red Cross is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected veteran status, age, or any other characteristic protected by law.

Qualified applicants with arrest or conviction records will be considered for employment in accordance with the Los Angeles County Fair Chance Ordinance for Employers, San Diego Fair Chance Ordinance, the California Fair Chance Act and any other applicable state and local laws.

AmeriCorps, the federal agency that brings people together through service, and its partners - the Peace Corps, AmeriCorps Alums, National Peace Corps Association, and the Service Year Alliance - launched Employers of National Service to connect national service alumni with opportunities in the workforce. American Red Cross is proud to be an EONS partner and share our employment opportunities with the network of organizations.

Interested in Volunteering? Visit redcross.org/volunteertoday to learn more, including our most-needed volunteer positions.

To view the EEOC Summary of Rights, click here : Summary of Rights
