CLA is dedicated to building a culture that invites different beliefs and perspectives to the table, so we can truly know and help our clients, communities, and each other.
CLA is looking to hire a Security GRC Manager to join our growing Enterprise Information Security team, you will lead our efforts to mature CLA’s risk management program, processes, and strategy. The ideal candidate will have experience in facilitating risk management through utilization of various risk identification and mitigation strategies, leading GRC professionals, maximizing productivity of a team and have a passion for continual professional growth.
As a Manager GRC, and in conjunction with the Director of Enterprise Information Security, you will lead our efforts to mature CLA’s risk management program, processes, and strategy. The ideal candidate will have experience in facilitating risk management through utilization of various risk identification and mitigation strategies, leading GRC professionals, maximizing productivity of a team and have a passion for continual professional growth.
How you’ll create opportunities in this Security GRC Manager role:
Lead and manage a team of GRC professionals to maximize the team’s potential and to provide best of class risk management services to CLA employees and clients.Manage the IT Risk Management Program, including IT Risk Assessments, Vendor Risk Assessments, Risk Register, IT Security Policies, and Client Security Inquiry Responses.Lead the IT risk lifecycle process from identification, qualification, quantification, reporting, tracking and remediation.Lead and collaborate with the risk advisory team to develop corrective action plans and drive risk mitigation efforts.Apply various risk assessment strategies to identify risks and driving mitigation efforts to completion by successfully leveraging IT teams.Compile and quantify risks for reporting and communicate results in a meaningful way to program stakeholders.Document risks thoroughly and concisely to drive effective corrective action plans.Lead CLA IT’s compliance program as related to various security and privacy frameworks such as CMMC, NIST CSF, CIS, HIPAA & SOC2.Translate cyber security framework control language to technical requirements.Lead and coordinate the response to third-party security assessments with external parties.Through effective collaborations with key stakeholders, ensure CLA is meeting our data protection commitments to our Family Members and our Clients.Prepare and present risk reports to senior management and stakeholders.Stay updated on emerging IT risks, threats, and best practices.What you will need:
7 years of experience in governance, risk and compliance, team leadership or management, security frameworks, risk assessment, risk analytics, risk modeling, and/or risk management.3 years of demonstrated ability to manage complex projects or leading GRC operations.2 years of demonstrated ability to lead project or operation teams.1 year of supervisory experience.Bachelor’s degree is required. Combination of relevant experience, education and training may be accepted in lieu of degree.CISSP, CISM, or CISA preferred.Our Perks:
Flexible PTO (designed to offer flexible time away for you!)Up to 12 weeks paid parental leavePaid Volunteer Time OffMental health coverageQuarterly Wellness stipendFertility benefitsComplete list of benefits here#LI-JH1
Equal Opportunity Employer /AA Employer/Minorities/Women/Protected Veterans/Individuals with Disabilities.
Click here to learn about your hiring rights.
Wellness at CLA
To support our CLA family members, we focus on their physical, financial, social, and emotional well-being and offer comprehensive benefit options that include health, dental, vision, 401k and much more.
To view a complete list of benefits click here.