GRC Program Manager @ International Rescue Committee | Jobright.ai
JOBSarrow
RecommendedLiked
0
Applied
0
External
0
GRC Program Manager jobs in New York, NY
Be an early applicantLess than 25 applicants
company-logo

International Rescue Committee · 8 hours ago

GRC Program Manager

positionNew York, NY
timeFull-time
remoteRemote
senioritySenior Level
date5+ years exp
ftfMaximize your interview chances
Non Profit
check
H1B Sponsor Likelynote

Insider Connection @International Rescue Committee

Discover valuable connections within the company who might provide insights and potential referrals.
Get 3x more responses when you reach out via email instead of LinkedIn.

Responsibilities

Act as a strategic partner to senior leadership, aligning GRC efforts with broader organizational goals to contribute to resilience, reputation, and long-term success.
Formalize and enhance the metrics program for consistent monthly and quarterly reporting on key information security metrics and trends, providing actionable insights for executive management.
Drive a comprehensive, multi-cultural security training and awareness initiative, ensuring all staff are well-versed in security policies, procedures, and implications for their roles.
Further implement and optimize IRC's GRC platform to support strategic GRC objectives, enabling efficient reporting, seamless integration with existing workflows, and improved organizational visibility.
Identify, assess, prioritize, mitigate, and continuously monitor risks in alignment with IRC's risk appetite, creating actionable insights for leadership.
Facilitate regular interviews with Asset Owners and Custodians to perform risk identification, risk scenario development and assessment, business impact analysis (BIA), and control assessments.
Maintain the IT Risk Register while proactively building and refining strategic approaches to mitigate identified risks and monitor relevant controls.
Lead third-party risk management efforts, including overseeing the deployment and use of the Vendor Risk Assessment (VRA) module, ensuring rigorous vetting and oversight of external partnerships.
Integrate threat intelligence into risk management and incident response, anticipating emerging threats and aligning with predictive risk analytics to support proactive security measures.
Ensure compliance with relevant laws, regulations, industry standards, and donor obligations, including GDPR, ISO 27001, NIST Cybersecurity Framework (CSF), and NIST 800-171.
Partner with Legal, Supply Chain, and other teams to facilitate contract reviews, update language for security obligations, and ensure IRC’s preparedness for donor contract and revenue compliance.
Strengthen organizational understanding of policies and conduct regular assessments to measure and improve workforce compliance.
Coordinate IT audits, cyber risk assessments, and control assurance activities.
Maintain a robust awareness of emerging threats, best practices, and evolving regulations across cybersecurity, privacy, and compliance domains, providing guidance on ethical considerations, including data privacy laws and responsible use of artificial intelligence.
Develop and refine internal processes and policies to address and anticipate compliance needs in rapidly evolving regulatory landscapes, ensuring IRC stays ahead of regulatory changes.
Establish, track, and report on key GRC metrics, including KPI/KRIs, to measure program effectiveness, supporting a continuous improvement model, define risk threshold triggers, and leveraging benchmarking to align with industry standards.
Foster a culture of security and compliance across all levels of the organization, promoting ownership and accountability among staff for information security.
Champion role-specific security education programs that go beyond basic awareness, addressing unique risks associated with different roles and functions within the organization.

Qualification

Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.

GRC program experienceCybersecurity knowledgeRisk managementCompliance knowledgeData analysis toolsChange managementTraining program developmentISO 27001NIST CSFGDPR complianceCISSP certificationCISM certificationCRISC certificationFrench languageArabic language

Required

Relevant Bachelor’s degree; Masters degree in Computer Science, Security or related highly desired.
At least 5-7 years GRC program experience required, including at least 2 years of functional ownership.
Relevant information security program experience permitted.
At least 2 years in a global organization.
Global GRC program development and implementation, including governance framework and policy enforcement.
Strong leadership, forming and leading internal working groups and governance bodies related to information security, risk, and compliance.
Independent problem-solving, proactive approach, and ability for strategic decisions.
Proactive analytical and critical thinking, committed to understanding needs.
Change management expertise, securing buy-in across the organization.
Hands on experience with GRC platform implementation and operation.
Deep knowledge of cybersecurity, IT risk management, incident response, and data privacy, including relevant laws, regulations, and security frameworks, e.g., ISO 27001-2022, NIST 800-53 R4, NIST CSF 2.0.
Effective communication and stakeholder engagement at all levels with integrity and discretion in handling sensitive matters.
Development and delivery of training programs and awareness campaigns.
Proficiency in managing third-party/vendor risk assessments and compliance.
Proficiency in data analysis techniques and tools, e.g., data aggregation, PowerBI/Tableau, etc.
Adaptability to evolving security threats and industry trends.
Commitment to ethical conduct and regulatory compliance.
English required.

Preferred

Nonprofit experience desired.
French and Arabic a plus.
Certifications such as CISSP, CISM, CRISC, or other related certifications are desirable.

Benefits

10 sick days
10 US holidays
20-25 paid time off days depending on role and tenure
Medical insurance starting at $143 per month
Dental starting at $6.50 per month
Vision starting at $5 per month
FSA for healthcare and commuter costs
A 403b retirement savings plans with immediately vested matching
Disability & life insurance
Employee Assistance Program which is available to our staff and their families to support counseling and care in times of crisis and mental health struggles

Company

International Rescue Committee

twittertwittertwitter
Glassdoor
3.7
company-logo
IRC responds to the world's worst humanitarian crises & helps some of the most vulnerable people from harm to home.
dateFounded in 1933
location
New York, New York, USA
people-size10001+ employees
web-link
http://www.rescue.org/

H1B Sponsorship

International Rescue Committee has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Represents job field similar to this job
Trends of Total Sponsorships
2023 (16)
2022 (19)
2021 (13)
2020 (8)

Funding

Current Stage
Late Stage
Total Funding
$1.25M
Key Investors
American Student AssistanceThe Pfizer FoundationU.S. Department of Agriculture
2024-03-25Grant· $0.5M
2021-11-30Grant
2021-10-07Grant· $0.75M

Leadership Team

leader-logo
David Miliband
President & CEO
linkedin
leader-logo
Katherine Crowley
Associate Director, Global Corporate Partnerships
linkedin

Recent News

MarketScreener
Sudan again tops International Rescue Committee crises watchlist
2024-12-11
Zawya.com
Sudan largest humanitarian crisis ever recorded: IRC report
2024-12-11
Inside INdiana Business
Notre Dame institute joins group studying how to combat poverty
2024-12-09
Company data provided by crunchbase
logo

Orion

Your AI Copilot