3,071 Governance Risk Compliance jobs in the United States

Lead - Governance, Risk & Compliance

94199 San Francisco, California TEPHRA

Posted 23 days ago


Job Description

Description:

Location: San Francisco, CA

Responsibilities:

1. Develop Data Privacy and Ethics Strategies:

•Lead the development, implementation, and enforcement of data privacy and ethics compliance strategies across the organization.

•Align the company's operations with global data protection regulations (e.g., GDPR, CCPA, HIPAA, etc.) and ethical standards.

•Design and update policies to reflect changes in data protection laws, ethical best practices, and emerging risks in the industry.

2. Regulatory Compliance:

•Ensure that the organization's data handling, storage, processing, and sharing practices comply with relevant local and international data protection laws and regulations.

•Monitor and analyze changes in data privacy regulations and assist in adapting the organization's practices to remain compliant.

•Oversee the company's compliance with privacy rights, including handling data subject requests (e.g., access, correction, deletion requests).

•Conduct regular audits and assessments to identify potential compliance gaps and implement corrective actions.

3. Risk Management and Mitigation:

•Identify and assess data privacy risks across all business units, including internal and third-party data processing practices.

•Develop and implement risk mitigation strategies for handling sensitive information and personal data.

•Collaborate with the security team to ensure data protection measures are in place and effective.

4. Privacy Impact Assessments (PIAs) & Data Protection Impact Assessments (DPIAs):

•Conduct Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs) to evaluate the potential impact of new projects, systems, or processes on data privacy.

•Provide recommendations on how to minimize risks to personal data during the development of new products or services.

5. Internal Training and Awareness:

•Develop and deliver training programs to raise awareness of data privacy policies, ethics standards, and compliance requirements across the organization.

•Provide guidance to employees on the ethical handling of data, promoting a culture of compliance and responsibility.

•Foster awareness of the organization's ethical standards, ensuring employees understand the importance of data privacy in day-to-day operations.

6. Policy and Documentation:

•Create, maintain, and update data privacy and ethics policies, ensuring they meet legal requirements and are easily accessible to relevant stakeholders.

•Ensure clear documentation of data processing activities, including data collection, sharing, storage, and retention practices.

•Regularly review and revise policies to ensure they reflect best practices and align with current regulations.

7. Third-Party and Vendor Management:

•Ensure that third-party vendors, partners, and service providers adhere to the organization's data privacy and ethical standards.

•Conduct regular audits of third-party contracts, ensuring data privacy clauses are present and being followed.

•Negotiate and implement data protection agreements with third-party vendors and ensure that adequate safeguards are in place when transferring data.

8. Incident Management and Breach Reporting:

•Respond to data privacy incidents, breaches, or violations by leading investigations, reporting findings, and implementing corrective actions.

•Ensure compliance with breach notification requirements, including timely reporting to regulators and affected individuals when necessary.

•Work with legal and security teams to develop and implement incident response plans specific to data privacy breaches.

9. Stakeholder Communication:

•Act as the main point of contact for all data privacy-related issues within the organization, including communication with executives, employees, regulators, and external stakeholders.

•Prepare and present regular reports on compliance status, data privacy incidents, and strategic initiatives to senior leadership.

10. Ethical Business Practices:

•Advocate for and ensure that ethical considerations are integrated into business practices, particularly with regards to data usage, privacy, and security.

•Review the organization's operations and initiatives to ensure they align with corporate social responsibility (CSR) goals and ethical standards.

•Ensure the organization's use of data aligns with its stated values and commitment to protecting individuals' privacy rights.

11. Stay Informed and Up-to-Date:

•Keep up to date with evolving data privacy laws, regulations, and ethical standards to ensure ongoing compliance.

•Participate in industry groups, attend conferences, and maintain professional certifications to stay ahead of trends and challenges in data privacy and ethics.

Requirements:

*Minimum of 10 years of total experience

1. Educational Background:

•Bachelor's or Master's degree in Law, Information Security, Business Administration, or a related field.

•Certification in data privacy (e.g., CIPP, CIPM, or equivalent) or legal qualifications related to compliance (e.g., JD, LLM).

2. Technical Skills:

•In-depth knowledge of data privacy laws and regulations, including GDPR, CCPA, HIPAA, and other global data protection regulations.

•Experience with privacy and compliance tools, risk management platforms, and privacy impact assessments.

•Familiarity with security technologies and practices used in data protection (encryption, access controls, etc.).

•Understanding of ethical frameworks in business operations, including corporate social responsibility (CSR) and sustainability goals.

•Strong understanding of corporate ethics standards, data ethics, and the importance of responsible data handling.

•Knowledge of ethical AI and the implications of data usage in machine learning and AI models

3. Soft Skills:

•Excellent communication skills, both written and verbal, to clearly explain complex privacy concepts to both technical and non-technical stakeholders.

•Strong analytical and problem-solving skills to evaluate risks and create practical solutions

•Ability to manage sensitive and confidential information while maintaining the highest ethical standards.

•Strong organizational and project management skills, with the ability to manage multiple compliance initiatives and tasks simultaneously.

•Leadership and the ability to influence others to adopt a data privacy culture.

4. Experience:

•10+ years of experience in data privacy, compliance, legal, or ethics roles, ideally within a technology, finance, healthcare, or large enterprise environment.

•Experience with data protection frameworks, audits, and certifications (e.g., ISO 27001, SOC 2).

•Familiarity with data management and security best practices.

•Experience working in a cross-functional environment and interacting with various departments, including IT, legal, security, and operations

5. Preferred Qualifications:

•Experience with managing data privacy in a multi-jurisdictional, international environment.

•Expertise in handling data privacy in emerging technologies like AI, IoT, and blockchain.

•Certification or membership in professional organizations such as the International Association of Privacy Professionals (IAPP).

•Knowledge of privacy-enhancing technologies (PETs) and their application in data protection.

6. Work Environment:

•Collaborative and fast-paced work environment.

•Opportunity to work with state-of-the-art technologies.

•Supportive and dynamic team culture


Senior Manager, Governance, Risk & Compliance

19355 Malvern, Pennsylvania Vanguard

Posted 2 days ago


Job Description

The Senior Manager, Governance, Risk & Compliance is a key leadership position in Vanguard’s Global Enterprise Security’s Governance, Risk, Compliance (GRC) and Strategic Operations team. This position leads a team which oversees, recommends, develops, implements, and monitors enterprise-wide information security policies, procedures, and operational guidelines. It sets the departmental Enterprise Security and Fraud GRC vision and develops strategies in alignment with the overall mission. The role also modernizes the integrated GRC framework to align with evolving risks, technological advancements, business priorities, and regulatory obligations.

Core Responsibilities

  • Hires, evaluates, and supervises crew. Provides guidance and training as necessary to develop crew. Sets performance standards, reviews performance, and makes informed compensation decisions in accordance with all applicable Human Resources policies and procedures.

  • Defines and executes the vision, strategy, and roadmap for GRC to support the overall cybersecurity and fraud risk objectives and priorities.

  • Oversees partnerships with Enterprise Security and Fraud subdivisions and Vanguard business units regarding security of application and systems software, equipment, and related capabilities and performance characteristics to evaluate their effectiveness at meeting defined security requirements. Defines integration requirements and identifies ramifications on Security and Fraud, IT and business unit operations of their implementation.

  • Develops and maintains a comprehensive portfolio of global security policies and standards. Oversees and manages the entire lifecycle of the portfolio, ensuring alignment with organizational goals and regulatory requirements. Responsible for governance and decision-making related to methodology and policy for all security and fraud functions.

  • Influences key stakeholders and security policy owners during policy discussions. Interfaces with clients on all inquiries related to Information and IT Security capabilities, bringing in technical experts as client situations demand. Responsible for review and approval of all RFP responses related to security.

  • Leads the modernization initiative to update a cohesive GRC framework, aimed at simplifying, upgrading, and creating clear visibility for policies, standards, controls, and taxonomy. Ensures alignment with risk management and compliance obligations at both enterprise and regional levels.

  • Develops automations and data driven insights from to drive effective operations and risk reduction.

  • Briefs leadership on the state of cybersecurity and Fraud GRC to provide insights into trends and impact of strategic business, technology, and cybersecurity investments.

  • Works with Compliance and Regional Security and fraud teams to understand global regulatory requirements for security, develop global Security and Fraud policies and standards, and oversee implementation. Interfaces with external regulators for Security and Fraud.

  • Leads the development and maintenance of the Security and Fraud organization's key risk indicators and key performance indicators in partnership with Line 2 risk management.

  • Participates in special projects and performs other duties as assigned.

Qualifications

  • Minimum of ten years related work experience.

  • Undergraduate degree or equivalent combination of training and experience. Graduate degree preferred.

  • Proven leadership experience leading global cross-functional teams.

  • Demonstrated experience setting vision, strategy, and modernization service capabilities.

  • In-depth knowledge of relevant frameworks and control standards (i.e., NIST CSF, NIST 800-53, CIS Controls, ISO 27002) and financial services industry cyber regulations and guidelines, and considered an expert in the domain.

  • Proficient in developing effective cybersecurity GRC OKRs and risk-based controls dashboards.

  • Excellent communication and influencing skills.

  • Influence key stakeholders and security policy and control owners.

  • Professional certification (CISSP, CISM, CompTIA, SANS, ISC2) preferred.

Special Factors

Sponsorship

Vanguard is not offering visa sponsorship for this position.

About Vanguard

At Vanguard, we don't just have a mission—we're on a mission.

To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients' lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne, our mission drives us forward and inspires us to be our best.

How We Work

Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.


Sr. Manager, Governance, Risk, & Compliance

49315 Byron Center, Michigan SpartanNash

Posted 4 days ago


Job Description

At SpartanNash, we deliver the ingredients for a better life through customer-focused innovation. We do this for our supply chain customers and U.S. military commissaries, retail store guests and, most importantly, our Associates. In fact, we see a day when each will say, **_"I can't live without them."_**
Our SpartanNash family of Associates is 20,000 strong, ranging from bakery managers to order selectors; from IT developers to vice presidents of finance; from HR Business Partners to export specialists. Each of them plays an integral role in SpartanNash's **People First** culture, Operational Excellence and Insights that Drive Solutions. Ready to contribute to the success of our food solutions company? Apply now!
**Location:**
850 76th Street S.W. - Byron Center, Michigan 49315
**Job Description:**
**Position Summary:**
This role is responsible for supporting the security direction of the business and elevating the company's security posture. The role oversees the business' security requirements and obligations mandated by standards and regulations such as the Gramm-Leach-Bliley Act (GLBA), Sarbanes-Oxley Act (SOX), Health Information Portability and Accountability Act (HIPAA) and Payment Card Industry Data Security Standard (PCI DSS).
**Here's what you'll do:**
+ Lead a team of GRC Analysts to conduct enterprise-wide, ongoing risk analysis in tandem with compliance and security and maintain oversight in a GRC-related platform.
+ Identify strengths and weaknesses in the security program as they relate to privacy, security, business resiliency and compliance frameworks.
+ Maintain strong oversight of third parties, vendors, and partners to safeguard against undue risk presented by external entities. Escalate to security management and business unit leads when points of weakness are discovered.
+ Analyze findings, and document, recommend and report program gaps to security leadership.
+ Work in tandem with security and audit leadership to perform ongoing security program assessments and participate in the creation of annual strategic technology and budgetary directives.
+ Monitor current and proposed security changes impacting regulatory, privacy and security industry best practice guidance.
+ Support audit practices and processes and work with the IT organization to ensure findings are remediated.
+ Work closely with legal, audit, and security leadership to ensure cybersecurity policies and practices are created, documented, implemented, measured and aligned within an appropriate level of risk.
+ Create, implement and measure procedures to support Cybersecurity policies and practices.
+ Enforce a strong security culture mindset set forth by risk management, ensuring uniformity across technical teams, business units, and employees.
+ All other duties as assigned
**Here's what you'll need:**
+ At least 8 years of IT or cybersecurity experience (or IT coupled with cybersecurity), with at least two years in an operationally focused IT Assurance or security practitioner role.
+ Experience with Payment Card Industry (PCI) assessments, PCI-P certification preferred.
+ Strong experience with NIST CSF and Risk Management Framework
+ Skilled at working with diverse teams and promoting enterprise-wide risk management rigor and a security-first culture.
+ High level of integrity, trustworthiness, and confidence to represent the company and risk management leadership with the highest level of professionalism.
+ Experience with creating and maintaining cybersecurity policies and assessing organizations using a standard security framework.
+ Demonstrated knowledge of operating systems, networking, security concepts, cybersecurity regulations, and best practices.
+ Excellent analytical, problem-solving, troubleshooting, and decision-making skills.
+ Excellent organization, prioritization, and attention to detail skills. 
+ Ability to lead projects and provide work direction to others. 
+ Must be able to work independently and in team settings. 
+ Highly organized, detail oriented, with excellent written and verbal communication skills.
+ CISSP, CISM, or CRISC are preferred but not required.
+ At least 3 years of team leadership experience is required.
**Physical Requirements:**
The physical demands described here are representative of those that must be met by an associate to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
May be required to lift and/or move 20 pounds. The associate is frequently required to sit/stand/walk. While performing the duties of this position, the associate is subject to a typical office environment and is rarely exposed to outside weather conditions. Temperatures may vary for those subject to any of the following areas: computer/server room, print shop, production area. The noise level in the work environment is usually low to moderate but may be high in distribution settings. Travel requirements vary by assignment.
As part of our **People First** culture, SpartanNash is proud to offer a robust and competitive Total Rewards benefits package.
SpartanNash is an Equal Opportunity Employer that invests in Associate development, recognizes and celebrates success, fosters two-way communication, and promotes a sense of belonging. We are committed to providing equal employment opportunities to all individuals, including those with disabilities and Veterans.
We are not able to sponsor work visas for this position.
**SpartanNash (Nasdaq: SPTN) is a food solutions company that delivers the ingredients for a better life. Committed to fostering a People First culture, the SpartanNash family of Associates is 20,000 strong. SpartanNash operates two complementary business segments - food wholesale and grocery retail. Its global supply chain network serves wholesale customers that include independent and chain grocers, national retail brands, e-commerce platforms, and U.S. military commissaries and exchanges. The Company distributes products for every aisle in the grocery store, from fresh produce to household goods to its OwnBrands, which include the Our Family® portfolio of products. On the retail side, SpartanNash operates nearly 200 brick-and-mortar grocery stores, primarily under the banners of Family Fare, Martin's Super Markets and D&W Fresh Market, in addition to dozens of pharmacies and fuel centers with convenience stores. Leveraging insights and solutions across its segments, SpartanNash offers a full suite of support services for independent grocers. For more information, visit spartannash.com.**
Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, protected veteran status or other characteristics protected by state or federal law. Reasonable accommodations may be made to enable individuals with disabilities to perform essential job functions. If you require assistance or an accommodation of any kind to complete an application, please contact us at

Governance, Risk, & Compliance Analyst IV

98043 Bothell, Washington Premera Blue Cross

Posted 25 days ago


Job Description

**Workforce Classification:**
Hybrid
**Join Our Team: Do Meaningful Work and Improve People's Lives**
Our purpose, to improve customers' lives by making healthcare work better, is far from ordinary. And so are our employees. Working at Premera means you have the opportunity to drive real change by transforming healthcare.
To better serve our customers, we are fostering a culture that emphasizes employee growth, collaborative innovation, and inspired leadership. We are dedicated to creating an environment where employees can excel and where top talent is attracted, retained, and thrives. As a testament to these efforts, Premera has been recognized on the 2025 America's Dream Employers list. Newsweek honored Premera as one of America's Greatest Workplaces, America's Greatest Workplaces for Inclusion, and America's Greatest Workplaces For Mental Well-Being. Forbes ranked Premera among America's Best Midsize Employers for the fourth time.
Learn how Premera supports our members, customers and the communities that we serve through our Healthsource blog.
**_About the role of Governance, Risk and Compliance Analyst, IV_**
The Governance, Risk, and Compliance (GRC) Analyst IV is a senior member of the IT Risk team, championing GRC initiatives across Premera operations, and reports to the Manager of IT Risk, Cyber Risk Management. Possessing a strong sense of urgency, the GRC Analyst IV is instrumental in safeguarding protected data (PHI/PPI), aligning with multiple healthcare regulations, and fortifying risk management strategies. This position is responsible for owning a service within IT Risk and would provide coverage for other services within the capability. This position requires using critical thinking and influencing skills and leadership experience to ensure the operating effectiveness and maturity of their service. The role is key in educating Premera in the areas of IT Risk, IT Controls, and/or IT Resilience, and may be called upon to present evidence of effectiveness to auditors and regulators. This Analyst requires excellent written communications and public speaking skills and should be comfortable making presentations to all levels of staff across the organization.
**_What you'll do:_**
+ Lead risk assessments and compliance audits aligned with healthcare regulations (e.g., HITRUST, NIST 800-53, HIPAA, SOC1/SOC2).
+ Develop, implement, and maintain GRC frameworks and programs to support organizational objectives.
+ Lead internal risk assessments and compliance audits across departments, providing data to leadership for risk-based decision making.
+ Develop and enforce GRC frameworks tailored to Premera operations, systems, and third-party platforms.
+ Monitor, analyze, and report on regulatory changes and industry standards for.
+ Provide training and guidance to business units on governance, risk management, and compliance requirements.
+ Assist in incident response, including breach assessments and HIPAA violation reporting, and post-incident reviews for compliance implications.
+ Engage customers, community and managers at all levels to identify and understand key business issues and objectives, evaluate changes for organizational impacts and recommend an action plan as needed to remain in compliance with Premera Controls.
+ Facilitate cross-functional teams in designing service solutions which incorporate IT Risk.
+ Lead and perform complex problem and workflow analysis, drawing conclusions and recommending resolution opportunities.
+ Research, inform and recommend opportunities to apply business and technology solutions to areas of assigned responsibilities.
+ Develop and present material to Employees, Managers and Executives.
+ Positively influence stakeholders towards achieving the right outcomes.
+ Provide mentorship and direction to less experienced team members.
+ Apply an advanced understanding of the HITRUST framework.
+ Own and drive a service in the IT Risk & Resilience capability, such as:
  + Policies, Procedures and Standards management
  + Risk Management Process
  + IT Controls Design and Monitoring
  + IT Controls Compliance
  + Vendor Security
**_What you'll bring:_**
+ Bachelor's degree or four (4) years' work experience. (Required)
+ Five (5) years in an IT environment. (Required)
+ Two (2) years' influencing decisions on technology and process. (Required)
+ Ability to perform risk assessment. (Preferred)
+ Audit and controls experience. (Preferred)
+ Experience with HITRUST Security Framework and Assessment. (Preferred)
+ IT experience in healthcare. (Preferred)
+ Demonstrated understanding of health plan operations and applicable security & privacy legislation.
+ Knowledge of business continuity planning practices.
+ Knowledge of applicable practices and laws relating to data privacy and protection.
+ Ability to cross-train with team members, as well as the ability to learn other services' operations.
+ Track record of consistently driving projects to completion and taking accountability for work and results. Confronts tough issues and situations. Exemplifies teamwork and serves as role model, while also successfully facilitating collaboration across multiple functions, department, and levels. Unquestionable ethics and integrity are pertinent.
+ Consults with clients and teammates to identify all facets of an issue and generate a solution. Understands potential impacts to processes and systems across organization and factors these into solutions. Excellent conceptualization, analytical and logic skills.
+ Ability to communicate effectively and professionally, both orally and in writing, as well as the ability to articulate and translate technical language to non-technical customers. Influence at all levels across the company within span of control.
+ Exhibit skills of leadership and be able to perform duties with little or no supervision.
+ Critical thinking and problem-solving skills
+ Adaptable to constant change
**Working Environment**
Work is performed within a normal office environment with ambient temperature.
**Physical Requirements**
The following have been identified as essential physical requirements of this job and must be performed with or without an accommodation:
+ This is primarily a sedentary role which requires the ability to exert up to 10 lbs. of force occasionally and/or a negligible amount of force frequently or constantly to lift, carry, push, pull, or otherwise move objects, including the human body.
+ This role requires the ability to keyboard and to communicate clearly and understandably in person and over the telephone.
**Premera total rewards**
Our comprehensive total rewards package provides support, resources, and opportunities to help employees thrive and grow. Our total rewards are more than a collection of perks, they're a reflection of our commitment to your health and well-being. We offer a broad array of rewards including physical, financial, emotional, and community benefits, including:
+ Medical, vision, and dental coverage with low employee premiums.
+ Voluntary benefit offerings, including pet insurance for paw parents.
+ Life and disability insurance.
+ Retirement programs, including a 401K employer match and, believe it or not, a pension plan that is vested after 3 years of service.
+ Wellness incentives with a wide range of mental well-being resources for you and your dependents, including counseling services, stress management programs, and mindfulness programs, just to name a few.
+ Generous paid time off to reenergize.
+ Looking for continuing education? We have tuition assistance for both undergraduate and graduate degrees.
+ Employee recognition program to celebrate anniversaries, team accomplishments, and more.
For our hybrid employees, our on-campus model provides flexibility to create your own routine with access to on-site resources, networking opportunities, and team engagement.
+ Commuter perks make your trip to work less impactful on the environment and your wallet.
+ Free convenient on-site parking.
+ Subsidized on-campus cafes make lunchtime connections with colleagues fun and affordable.
+ Participate in engaging on-site activities such as health and wellness events, coffee connects, disaster preparedness fairs and more.
+ Our complementary fitness & well-being center offers both in-person and virtual workouts and nutritional counseling.
+ Need a brain break? Challenge someone to a game of shuffleboard or ping pong while on campus.
**Equal employment opportunity/affirmative action:**
Premera is an equal opportunity/affirmative action employer. Premera seeks to attract and retain the most qualified individuals without regard to race, color, religion, sex, national origin, age, disability, marital status, veteran status, gender or gender identity, sexual orientation, genetic information or any other protected characteristic under applicable law.
If you need an accommodation to apply online for positions at Premera, please contact Premera Human Resources via email at or via phone at .
The pay for this role will vary based on a range of factors including, but not limited to, a candidate's geographic location, market conditions, and specific skills and experience.
The salary range for this role is posted below; we generally target up to and around the midpoint of the range.
**National Plus Salary Range:**
$131,900.00 - $224,200.00
_*National Plus salary range is used in higher cost of labor markets including Western Washington and Alaska._
We're happy to discuss compensation further during the interview because we believe that open communication leads to better outcomes for all. We're committed to creating an environment where all employees are celebrated for their unique skills and contributions.
At Premera, we make healthcare work better. By focusing on improving our customers' experience purposefully and serving their needs passionately, we make the process easier, less costly, and more positive. Through empathy and advocacy, we change lives.
As the leading health plan in the Pacific Northwest, we provide comprehensive health benefits and services to more than 2 million customers, from individuals to Fortune 100 companies. Our services include innovative programs focused on health management, wellness, prevention, and patient safety. We deliver these programs through health, life, vision, dental, disability, and other related products and services.
Premera Blue Cross is headquartered in Mountlake Terrace, WA, with operations in Spokane and Anchorage. The company has operated in Washington since 1933 and in Alaska since 1952. With more than 80 years of experience in the region, we deliver innovation, choice, and expertise.

Incident Management/Governance Risk Compliance Engineer

30309 Midtown Atlanta, Georgia Electrosoft

Posted today


Job Description

Posted: 04/22/2025
Electrosoft Services, Inc. is an award-winning company that provides comprehensive technology-based solutions and services to federal customers. While cybersecurity is our specialty, we also focus on ICAM, enterprise IT modernization, and software solutions. We always seek to delight our customers, so we retain highly qualified employees and offer them meaningful work, growth opportunities, and work-life balance. What sets us apart from all other contractors is the sense of teamwork our employees feel - and the knowledge that outstanding effort is recognized and rewarded. The camaraderie we share emanates from Lunch & Learn sessions where we explore new ideas together, fun group activities ranging from escape rooms to miniature golf, and much, much more. If we've described you and your dream workplace, please apply and share in the many benefits and opportunities we offer.
Responsibilities
+ Support the installation and management of the RSA Archer system.
+ Partner with security and infrastructure teams to maintain system availability.
+ Assist with the implementation of RSA Archer and the eventual migration from HHS' current incident management system
+ Support Archer applications to accommodate business requirements and/or design changes
+ Troubleshoot data feed integration, stakeholder notifications, and reporting requirements
+ Provide extensive knowledge of RSA Archer. Train Archer users on the use of the tool as appropriate. Support SGRC/Archer A&A users to understand and navigate the process and terminology
+ Manage SGRC/Archer user accounts. Perform bulk user upload and single user account creation. Provide SGRC/Archer users with technical support
+ Transfer data to other applications for reporting purposes.
+ Export/Import privacy data into SGRC/Archer ingestible templates.
+ Integrate other software/applications with Archer. Assist OpDivs and system users on how to perform the process of data import into SGRC/Archer and exporting meaningful reports to management stakeholders. Assist in validating data fields for use in the import process
Basic Qualifications
+ 3-5 years of related experience
+ Bachelor's degree
+ Active RSA Archer Cert. Implementer / RSA-CSE certifications
All qualified applicants are considered for employment, and employees are treated during employment without regard to race, color, religion, sex, national origin, age, citizenship, disability, or Veteran status. Additionally, the company provides reasonable accommodations to qualified individuals with disabilities.

Information Security Governance Risk Compliance Analyst - #

48228 Detroit, Michigan Wade Trim

Posted today


Job Description

What We Offer:

Our excellent salary and benefits package includes medical, dental, vision, life insurance, short and long-term disability coverage, education reimbursement, 401(k), performance bonuses, and an employee stock program. Employee Resource Groups and Programs offered include the Young Professionals Group, Women at Wade Trim, Diversity, Equity and Inclusion, Professional Development, Leadership Development, Rotation Program, Mentor Program, Sustainability Program, and Wellness Program.

Position Description:

We are looking for an Information Security Governance Risk Compliance Analyst to join our IT Team to improve infrastructure in our Detroit office. The candidate must have a bachelor's degree in Computer Science with a focus on Cybersecurity or a closely related field and 3-5 years of experience. The candidate should have operating knowledge of Azure, O365, CrowdStrike, KnowBe4, Mimecast, ZenGRC+, and Archer. The candidate should also have strong leadership and project management skills, with the ability to manage multiple priorities and deliver results within deadlines. The candidate must also be self-motivated, work well with others, and have excellent writing, organizational, and communication skills. A flexible hybrid-remote work schedule is available after 30 days of employment.

Typical responsibilities include:
    • Responsible for monitoring and tracking regulatory changes, ensuring that the organization remains compliant with all relevant laws, standards and industry regulations.
    • Conduct comprehensive risk assessments to identify potential threats and vulnerabilities within the organization's operations.
    • Assist in the development, implementation, and revision of corporate policies and procedures to align with the best practices and compliance requirements.
    • Collaborate with internal and external audit teams, providing documentation and evidence as needed to demonstrate compliance and adherence to governance standards.
    • Assist in the development and maintenance of incident response plans to effectively address and mitigate security incidents or compliance violations.
    • Prepare and distribute regular reports to IT & IT Security leadership as well as business leadership summarizing risk assessments, compliance status, and recommendations for improvement.
    • Assist IT Security operations in the development and delivery of training programs to educate users on governance, risk, and compliance matters, fostering a culture of awareness and accountability.
    • Identify opportunities for enhancing governance processes and recommend improvements to reduce risk exposure and enhance operational efficiency.
    • Maintain a safe working environment.
Education:
    • Bachelor's degree in Computer Science with a focus on Cybersecurity or a closely related field is required.
    • Certifications in ISC2 CGRC (formerly CAP) or ISACA CISA are required.
    • Certifications in ISC2 CISSP, and ISACA CRISC are not required, but preferred.
Skills/Experience:
    • Minimum of 3 years of related experience
    • Strong leadership and project management skills, with the ability to manage multiple priorities and deliver results within deadlines is required
    • Strong operating knowledge of platforms such as Azure, O365, CrowdStrike, KnowBe4, Mimecast, ZenGRC+, and Archer
    • Excellent communication and interpersonal skills, with the ability to communicate complex security concepts to both technical and non-technical audiences is required
    • Excellent organizational skills in order to accommodate multiple tasks simultaneously
    • Excellent understanding of technology infrastructure and systems, including networks, databases, and cloud computing is required
    • Maintain a professional demeanor at all times and be conscious of confidentiality issues when dealing with individuals at all levels
    • Must be easily understood by other employees, clients, and vendors
    • Strong analytical and problem-solving skills, with the ability to assess risks and develop practical solutions
    • Professional certifications in information security, such as ISC2 CISSP, ISACA CRISC, ISACA CISA, and ISC2 CGRC (formerly CAP) are highly desirable


About Wade Trim:

Wade Trim is committed to maximizing the value of infrastructure investments. We've been solving complex engineering challenges for nearly a century. We customize our work approach to fit each project using a collaborative, friendly style to deliver solutions our clients can stand behind.

Our supportive culture recognizes and strives to fulfill collective client, company, and individual needs. Mentoring and building skills of Wade Trim staff is a priority. Frequent interaction among staff is encouraged, company leadership is easily accessible, and opportunities are provided for staff to help shape the firm's future through strategic planning. Work/life balance is supported through a flexible, hybrid work schedule that brings team members together in the office at least three days a week and connects them virtually when working from home.

To solve our clients' toughest challenges, we've devoted ourselves to delivering innovative solutions. Our Office of Applied Technology (OAT) is dedicated to seeking new technologies or ways to apply existing technologies to enhance value to our clients and positively impact communities. All staff are encouraged to share ideas and suggestions for innovative technologies or processes to adopt. This open-minded approach enables us to advance technology, foster innovation, and stay ahead of our clients' needs.

Wade Trim's success is shared by the employees that make it happen. Since our beginning, our firm has been 100% employee owned. This cultivates an ownership mindset that benefits our work approach, collaborative culture, and ability to deliver client solutions. We believe employee ownership drives the sustainability and growth of our firm and provides all our employees with opportunities for financial success.

If you are looking for a challenging and rewarding career in a friendly environment, please submit your resume by visiting the Careers section of our website at

Wade Trim does not accept unsolicited resumes, candidate profiles, or CVs from third-party recruiters or employment agencies. Any submission made without a valid, signed agreement and an approved engagement request from Wade Trim's People Services Team will be considered the property of Wade Trim. Wade Trim reserves the right to pursue and hire any candidate submitted through unsolicited means without any financial obligation to the recruiter or agency. A valid agreement can only be signed by the Director of People Services. Resumes or candidate profiles submitted at the request of a Wade Trim employee who is not authorized by the People Services team do not constitute a valid engagement. Recruiters and agencies must have a current, written agreement authorized by the Director of People Services to be considered an approved vendor.

Wade Trim is an Affirmative Action/Equal Opportunity Employer.

Information Security Analyst (Governance, Risk, & Compliance)

48823 Lansing, Michigan The Doctors Company

Posted 4 days ago


Job Description

The Doctors Company is currently seeking an Information Security Analyst. This is a hybrid opportunity based in East Lansing, MI.

Position Mission

The Information Security Analyst works closely with management and the senior security team, assisting the team in completing tasks designed to ensure the confidentiality, integrity, and availability of the organization's systems and informational assets. Supports incident response and forensics efforts for all security-related investigations, including collecting logs, documenting response steps, and collecting critical evidence. Assists in security risk management processes, including security assessments for both internal and 3rd party systems and software. Assists in compliance auditing of internal systems against baseline configuration requirements and adherence to TDC Security Policy. Works with project teams to assist with security-related deliverables of limited complexity in a supporting role. Assists the management team with developing and maintaining information security policies and procedures and tracking compliance throughout the organization. The role requires the analyst to maintain security certifications to demonstrate command of knowledge in the security industry and to maintain up-to-date knowledge of security threats, vulnerabilities, exploits, and trends in the security environment and their impact on the IT systems. Work is closely managed.

Qualifications

  • Associate degree (2 years college) or equivalent educational experience; and an expressed interest in Cybersecurity, Secure Systems Engineering and/or IT Governance. Can substitute degree with additional certification from list below.
  • One or more of the following certifications are required (2 w/o Associate Degree):
    • CEH: Certified Ethical Hacker
    • CompTIA Security+
    • CompTIA Network+
    • CompTIA Linux+
    • (ISC)2 Associate (or higher)
    • GSEC: SANS GIAC Security Essentials.
    • CRISC: Certified in Risk and Information Systems Control
    • CIPP/US: Certified Information Privacy Professional/US
    • CISM: Certified Information Security Manager
    • CISA: Certified Information System Auditor
    • CISSP: Certified Information Systems Security Professional
    • CCNA: Cisco Certified Network Associate Security
    • CCNP: Cisco Certified Network Professional Security
    • C|HFI: Computer Hacking Forensics Investigator
    • Similar entry level certifications which cover cyber security may be leveraged.
  • Demonstrated desire to complete future certifications in cybersecurity or other IT fields is required.
  • Knowledge of enterprise identity management systems such as Active Directory, Azure Active Directory.
  • Knowledge of Identity Management Lifecycle.
  • Knowledge of managing and securing Microsoft Windows or Linux Operating Systems.
  • Knowledge of NTFS file system permissions management and model.
  • Knowledge of networking, routing, switching and firewalls.
  • Knowledge of security, vulnerability, exploits, forensics, incident response.
  • Knowledge of virtualization technologies, including VMware, desirable.
  • Relevant background in programming in either PowerShell, Batch or Bash Shell
  • Knowledge of relevant IT industry concepts, practices, standards and procedures.
  • Ability to prioritize multiple projects and meet deadlines.
  • Excellent oral and written communication skills.
  • Ability to work with diverse personalities.
  • Ability to read, analyze and interpret general business periodicals, professional journals, technical procedures, or governmental regulations.
  • Ability to write comprehensive reports, business correspondence, and technical procedure manuals.
  • Ability to effectively present information and respond to questions from groups of managers, clients, customers, and the general public.
  • Ability to calculate figures and amounts such as discounts, interest, commissions, proportions, percentages.
  • Ability to define problems, collect data, establish facts, and draw valid conclusions. Ability to interpret an extensive variety of technical instructions in mathematical or diagram form and deal with several abstract and set variables.
  • (2 - 5+) years' experience supporting technical environments required. Experience may include servers, networking, telephonic, and/or storage systems.
  • (2 - 5+) years' experience building, administrating, and monitoring systems in a multi-site network environment with more than 500 users preferred.
  • Ability to be on-call to support security incident response scenarios that may occur outside of standard business hours.
  • Willingness to occasionally work outside of business hours to support project teams and perform assigned system maintenance tasks in order to minimize business interruptions.
Responsibilities

Security Risk Management
  • Participate in risk management process, including cyber security assessments of both internal platforms, software, and 3rd party cloud systems.
  • Work with team to present security findings to business partners and provide security requirements and recommendations for secure implementations
Compliance and Audit Management
  • Review the organization's adherence to TDC cybersecurity policies and defined standards.
  • Prepare audit reports describing any deficiencies or configuration issues identified during an audit.
Identity and Access Management
  • Leverage and maintain identity and access management systems, workflows, and policies designed to provision and decommission user and system accounts.
  • Following the principle of least privilege, grant individual users and departments access to applications, data, or networks.
Monitoring and Operations of Security Systems
  • Responsibilities also include proactively monitoring the health of security systems, analyzing and troubleshooting system issues as they occur, documenting system designs, data flows, standard operating procedures, and system health validation documents.
  • Monitor and respond to real-time security system alerts and service tickets to protect against unauthorized access, modification, or destruction of corporate data and systems.
Vulnerability and Patch Management
  • Assist in vulnerability identification and remediation on systems and configurations within all internal and external systems.
  • Assist in the installation of security patching on operating systems and applications, including application health and security posture validations.
  • Assist in developing secure configuration designs leveraging vendor best practice recommendations for all internal and external systems.
Project Management & Execution
  • Work with project teams on advanced, technical projects or business issues, requiring ability to learn state-of-the-art security infrastructure and best practices.
  • Perform basic project management tasks such as task decomposition, basic time and cost estimating, scheduling, and basic reporting skills.
Other Duties As Assigned
  • Available for all duties, accepts delegated tasks readily and completes assigned duties as directed.
Salary Range: $87,171 - $101,700

Compensation varies based on skills, knowledge, and education. We consider factors such as specialized skills, depth of knowledge in the field, and educational background to ensure fair and competitive pay.

Benefits

We offer competitive compensation, incentive bonus plans, outstanding career opportunities, an exceptional work environment, and an impressive benefits package, which starts with medical, family and bereavement leave; same-sex domestic partner benefits; short- and long-term disability programs; and an employee assistance program. There's more:
  • Health, dental, and vision insurance
  • Health care tax-free spending accounts with a company match
  • 401(k) and Roth IRA with company match, as well as catch-up plans for both
  • Vacation days, sick days, and paid personal days each calendar year (with vacation increases based on length of service)
  • Paid holidays each calendar year
  • Life and travel insurance
  • Tax-free commuter benefits
  • In-person and online learning opportunities
  • Cross-function career opportunities
  • Business casual work environment
  • Time off to volunteer
  • Matching donations to qualifying nonprofit organizations
  • Company-sponsored participation at non-profit events

About The Doctors Company

The Doctors Company is the nation's largest physician-owned medical malpractice insurer. Founded and led by physicians, we are committed to advancing, protecting, and rewarding the practice of good medicine.

The Doctors Company is proud to be Certified by Great Place to Work®.

Equal Opportunity Employer
This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor.

Information Security Governance-Risk-Compliance Analyst

87101 Carnuel, New Mexico Presbyterian Healthcare Services

Posted 5 days ago


Job Description



Information Security Governance-Risk-Compliance Analyst

Requisition ID: 2025-48506
Category: Information Technology
Location Name: Rev Hugh Cooper Admin Center
Location City: Albuquerque
Location State/Province: NM
Minimum Offer: USD $45.86/Hr.
Maximum Offer for this position is up to: USD $71.81/Hr.

Overview

Presbyterian is seeking an Information Security Governance-Risk-Compliance Analyst!


The Information Security Governance-Risk-Compliance Analyst is responsible for the oversight and coordination of various cybersecurity risk management activities focused on identifying, assessing, managing, and mitigating risks. The analyst is a subject matter expert experienced in regulatory requirements, security framework standards, security operations and controls, and industry best practices.
The role works closely with Compliance, Internal Audit, and other Departmental Leaders in the coordination of planning, prioritization, tracking, and remediation of cyber risks, assessment and audit findings, supply chain risk, and operational risk. Works closely with technology and security leaders and subject matter experts to coordinate, review, and catalogue responses. Coordinates with Compliance and Internal Audit to further the planning, response, and cataloguing of assessment and audit activities related to both Information Security and Information Technology.
Supports the operationalization of the GRC management functions to ensure compliance with established security controls, industry frameworks, regulatory and legal requirements, organizational policies, and standards. Collaborates with the GRC Director and CISO on the risk management program, including risk assessments, risk analysis, internal and external audits, vendor security risk program and risk register management. Other key activities will include reviewing existing security policies, assessing that procedures are implemented in accordance with security policies and standards, and that security metrics are being measured.


We're determined to take care of those working in healthcare.

Presbyterian is dedicated to improving people's lives - the lives of our patients and the lives of our coworkers. We're locally owned and operated, which encourages supportive leadership that empowers employees. And we provide the opportunity to grow from entry-level to the most senior positions.


Why Join Us

  • Full Time - Exempt: Yes
  • Job is based at Rev Hugh Cooper Admin Center
  • Work hours: Weekday Schedule Monday-Friday
  • Benefits: We offer a wide range of benefits including medical, wellness program, vision, dental, paid time off, retirement and more for FT employees.
Qualifications
  • Bachelor's degree in Information Security, Computer Science, Information Management Systems, or related field desired; or 6 years of relevant experience may be substituted in lieu of degree. An advanced degree is strongly preferred.
  • 3 years of experience in Information Security Risk Management or in Information Technology/Information Security Audit required.
  • 5 years of experience in a large (over 2,000 end users) Healthcare IT Enterprise preferred.
  • 7 years of experience in a combination of IT Governance, Risk Management, Compliance, and Information security roles preferred.
  • Expert working knowledge from within an information security function using ISO 27000, NIST CSF, NIST RMF, or NIST 800-53, HIPAA, or HITRUST Common Security Framework.
  • Experience supporting SSAE 16 or SOC 2
  • Detailed understanding and extensive experience with information security regulations, including at a minimum National Institute of Standards and Technology (NIST), Health Insurance Portability Accountability Act (HIPAA), Payment Card Industry (PCI), ISO 27001 and ISO 27018, Sarbanes-Oxley (SOX), Cloud Security Alliance (CSA) and various other laws and regulations including Executive Orders.
  • Significant experience performing Information Security Risk Management, Third-Party Risk Management, and audits and assessments in large, complex organizations.
  • Significant experience in end-to-end IT and Security Risk Management.
  • Significant experience with technical risk remediation identification and planning.
  • Significant experience with corrective action and remediation engagement and planning.
  • Models high standards of integrity, performance, confidentiality, and demonstrates sound judgement.
  • Incorporates Presbyterian Health Services values into the ITGRC compliance and audit program
  • Professional certifications such as Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP) or Certified Risk & Information Security Controls (CRISC) required or willing to obtain within the first year of employment.
Responsibilities
  • Provide expert knowledge in information security standards and practices and with related federal, state, and local regulatory requirements.
  • Identify and assess the severity and potential impact of risks identified within audits and assessments. Educate risk owners within Information Technology and Information Security about risk assessment findings and proper risk remediation.
  • Support the implementation of PHS and PHP information governance, risk, and compliance processes.
  • Assess processes, practices, and controls against PHS Information Technology and Information Security policies, procedures, and standards.
  • Coordinate, catalogue, and communicate internal and external risks and findings to the Director, ITGRC.
  • Develop and maintain risk exception and acceptance processes, corrective action plans and mitigation strategies for cyber risks, assessment and audit findings, supply chain risks, and operational risks and recommendations. Corrective action plans are continually updated, and progress is documented for each open item.



Benefits

All benefits-eligible Presbyterian employees receive a comprehensive benefits package that includes medical, dental, vision, short-term and long-term disability, group term life insurance and other optional voluntary benefits.


Wellness
Presbyterian's Employee Wellness rewards program is designed to provide you with engaging opportunities to enhance your health and activate your well-being. Earn gift cards and more by taking an active role in your personal well-being by participating in wellness activities like wellness challenges, webinars, preventive screenings and more.


Why work at Presbyterian?
As an organization, we are committed to improving the health of our communities. From hosting growers' markets to partnering with local communities, Presbyterian is taking active steps to improve the health of New Mexicans.


About Presbyterian Healthcare Services
Presbyterian exists to ensure the patients, members and communities we serve can achieve their best health. We are a locally owned, not-for-profit healthcare system of nine hospitals, a statewide health plan and a growing multi-specialty medical group. Founded in New Mexico in 1908, we are the state's largest private employer with nearly 14,000 employees.


Our health plan serves more than 580,000 members statewide and offers Medicare Advantage, Medicaid (Centennial Care) and Commercial health plans.


AA/EOE/VET/DISABLED. PHS is a drug-free and tobacco-free employer with smoke free campuses.

Maximum Offer for this position is up to

USD 71.81/Hr.

Compensation Disclaimer

The compensation range for this role takes into account a wide range of factors, including but not limited to experience and training, internal equity, and other business and organizational needs.


Information Security Governance Risk & Compliance Manager

11788 Hauppauge, New York Teachers Federal Credit Union

Posted 9 days ago


Job Description

Description

Join Our Team

For over 70 years, Teachers Federal Credit Union has been committed to guiding members toward building a strong financial foundation today for a better tomorrow. Named one of America's Best-In-State Credit Unions by Forbes Magazine in 2022, Teachers has grown into one of the leading credit unions in the United States. As we broaden our national reach, we will continue to ensure that Teachers is a Best Place to Bank and a Best Place to Work. Teachers offers a variety of exciting career opportunities ranging from part-time and full-time staffers to executive leadership roles.

Summary:

The Information Security Governance Risk & Compliance Manager is responsible for managing, planning, and executing security initiatives related to governance, risk management, compliance, and audit oversight. The Information Security Governance Risk & Compliance Manager oversees anti-phishing campaigns, security awareness training, risk assessments, vendor security reviews, and managing audit activities related to security governance and controls.

Education and/or Experience:
  • Bachelor's degree or a minimum of eight years of directly related experience
  • Minimum of five (5) years of experience in information security Governance, Risk, and Compliance required
  • Managing complex security programs required
  • CISSP, CISM, CRISC, or similar preferred
  • Experience with security tools, technologies, and risk management platforms required
  • Proven track record of managing and executing information security programs, including anti-phishing campaigns, risk assessments, and security awareness training.
  • Strong understanding of regulatory frameworks and industry standards (GDPR, CCPA, NIST, ISO 27001, SOC 2, etc.).
  • Experience conducting vendor security assessments and reviewing SOC reports.
  • Solid knowledge of information security principles, including risk management, incident response, and security controls.
  • Knowledge of data privacy regulations
  • Experience with a variety of ITGRC tools such as ServiceNow and RSA Archer and others.
  • Proven experience in audit oversight, managing both internal and external audit processes, and addressing audit findings related to information security.
  • Excellent communication skills, with the ability to articulate complex security topics to both technical and non-technical stakeholders.
  • Strong analytical and problem-solving skills, with attention to detail and the ability to drive continuous improvement in security processes.
  • Ability to work independently and manage multiple projects simultaneously.
Job Responsibilities:
  • Security Awareness Training: Develop, coordinate, and deliver ongoing security awareness training programs to educate employees on security best practices and risk mitigation techniques.
  • Anti-Phishing Campaigns: Plan, manage, and execute anti-phishing campaigns to assess and improve employee awareness and the organization's resilience against phishing attacks.
  • Risk Assessments: Manage planning and execution of regular risk assessments, ensuring the identification, evaluation, and mitigation of security risks across the organization.
  • Vendor Security Reviews: Manage and review vendor security assessments, including the evaluation of SOC reports, to ensure third-party risk is managed in accordance with security policies and standards.
  • Governance and Compliance: Oversee information security governance processes, ensuring adherence to relevant regulatory frameworks, industry standards, and internal policies. Lead compliance activities related to security controls, data privacy, and industry regulations.
  • Audit Oversight: Manage the execution and oversight of internal and external audits, ensuring security and compliance audits are conducted according to the established audit schedule. Collaborate with auditors to address security-related audit findings and ensure timely remediation of issues.
  • Day-to-Day Information Security Activities: Handle day-to-day information security activities, including incident management, reporting, and compliance tracking, ensuring that all aspects of the security program are functioning optimally.
  • Reporting & Metrics: Provide regular updates and reports to senior leadership on the effectiveness of security programs, compliance status, audit results, and risk mitigation efforts. Develop metrics to track progress and demonstrate the effectiveness of security initiatives.
  • Continuous Improvement: Stay informed on the latest security threats, trends, and technologies. Recommend and implement best practices for improving information security governance, compliance, and audit preparedness.
Benefits of Joining the Teachers Team:

We provide a competitive compensation and benefits package that includes, but is not limited to:
  • Paid time off for vacation, personal days, and holidays
  • Fully-funded pension plan
  • 401(k) company contribution
  • Teachers pays 100% of Dental & Vision premium
  • Tuition reimbursement is offered to full-time employees
  • Exclusive employee discount of 0.96% APR on credit card loans and a 1.00% APR on all other loans through Teachers


The good faith range for this position is $118,250 - $147,850 annually. This range is an estimate, based on potential employee qualifications and operational needs. The salary may vary above and below the stated amounts, as permitted by applicable law.

All candidates will be subject to a background check, credit check, and drug test to determine employment eligibility.

To learn more about Teachers and to view a full list of our job opportunities please visit


Data Governance-Risk & Compliance Data Leader

32795 Lake Mary, Florida BNY Mellon

Posted 14 days ago

Job Description

Overview

Data Governance Risk & Compliance Data Leader


At BNY, our culture empowers you to grow and succeed. As a leading global financial services company at the center of the world’s financial system we touch nearly 20% of the world’s investible assets. Every day around the globe, our 50,000+ employees bring the power of their perspective to the table to create solutions with our clients that benefit businesses, communities and people everywhere.    

We continue to be a leader in the industry, awarded as a top home for innovators and for creating an inclusive workplace. Through our unique ideas and talents, together we help make money work for the world. This is what #LifeAtBNY is all about. 

We welcome you to apply! When applying to this general posting, our expert BNY Talent Acquisition Team may also review your resume for consideration across other open roles within the company. 

We’re seeking a future team member in the role of Data Governance Risk & Compliance Data Leader to join our Data Engineering team. This role is in Pittsburgh, PA or Lake Mary, FL.

As a Data Leader, you will lead a team of data professionals to establish a robust Data Governance framework and drive data quality throughout BNY. You will hold a very influential position within EDM and will have the opportunity to drive tremendous business value as we look to improve the data quality of our most critical data. You will be accountable for and own the enterprise data quality process, the performance of that process, and the resource and technology plan to support it. As a Data Governance Lead, you will work very closely with the Data Leaders and Stewards across BNY to ensure compliance with Policy, that robust DQ monitoring is in place, and that appropriate attention is applied to issue remediation.

As part of Data Engineering, our Divisional Data Officer team is responsible for design, delivery and adoption of many of the enterprise Data Governance processes including Data Quality Management, Issue Management and Remediation, Data Lineage Management, Data Catalog Management, Business Glossary Management, etc. 

In this role, you’ll make an impact in the following ways: 

  • Oversee the data stewardship program, ensuring the quality, integrity, and governance of critical data assets across the Risk and Finance organization
  • Lead a team of data stewards, define data stewardship policies and processes, and collaborate with stakeholders to drive data management sustainability and excellence
  • Define data stewardship roles, responsibilities, and accountabilities and establish clear guidelines for data stewardship activities and workflows
  • Collaborate with business units, data owners, and data custodians to identify critical data assets, define data quality requirements, and establish data quality metrics and KPIs.
  • Establish data quality monitoring processes and tools to detect, measure, and report on data quality issues and anomalies
  • Lead the resolution of data quality issues, working cross-functionally to identify root cause, implement corrective action and prevent recurrence.
  • Develop and maintain data lineage documentation and mappings to support data governance, regulatory, compliance, and data lineage analysis activities
  • Collaborate with data management teams, including data architecture, data engineering, and metadata management to ensure alignment and integration of data stewardship activities in accordance with enterprise data management policies and standards.
  • Serve as a subject matter expert on data stewardship best practices, methodologies, and tools and provide guidance and support to stakeholders across Risk and Finance.

To be successful in this role, we’re seeking the following:

  • Hands-on experience in Data and Metadata Management, from concept to implementation, with a demonstrable track record of delivery.
  • 10-15 years of total work experience with at least 3-5 years in a management role preferred. Experience over operational activities (business analysis, testing, etc.), reference data and/or enterprise data management or data governance preferred.
  • Strong stakeholder management and people skills, and the ability to manage multiple competing priorities under pressure. You will have strong analytical and management skills, be familiar with Agile methodology, and have played an active role in scrums such as backlog refinement, sprint planning and execution. The ability to apply backlog prioritization to define sprint goals and enable iterative deliveries is key.
  • Strong understanding of data governance principles, data quality management concepts, and regulatory requirements (e.g. BCBS 239, GDPR)
  • Experience with data governance tooling and technologies, data profiling, data cleansing, and data remediation techniques.
  • Strong analytical and problem-solving skills with the ability to analyze complex data issues and drive effective solutions
  • People leadership: you are able to inspire and build momentum across a global team, but you are also a team player, happy to roll up your sleeves when needed.

At BNY, our inclusive culture speaks for itself. Here are a few of our awards:

  • Fortune World’s Most Admired Companies & Top 20 for Diversity and Inclusion 
  • Bloomberg’s Gender Equality Index (GEI)
  • Human Rights Campaign Foundation, 100% score Corporate Equality Index
  • Best Places to Work for Disability Inclusion, Disability: IN – 100% score 
  • 100 Best Workplaces for Innovators, Fast Company
  • CDP’s Climate Change ‘A List’


Employer Description:

For over 230 years, the people of BNY Mellon have been at the forefront of finance, expanding the financial markets while supporting investors throughout the investment lifecycle. BNY Mellon can act as a single point of contact for clients looking to create, trade, hold, manage, service, distribute or restructure investments and safeguards nearly one-fifth of the world's financial assets. BNY Mellon remains one of the safest, most trusted and admired companies. Every day our employees make their mark by helping clients better manage and service their financial assets around the world. Whether providing financial services for institutions, corporations or individual investors, clients count on the people of BNY Mellon across time zones and in 35 countries and more than 100 markets. It's the collective ambition, innovative thinking and exceptionally focused client service paired with a commitment to doing what is right that continues to set us apart. Make your mark: bnymellon.com/careers.

EEO Statement:

BNY Mellon is an Equal Employment Opportunity/Affirmative Action Employer. Minorities/Females/Individuals With Disabilities/Protected Veterans. Our ambition is to build the best global team – one that is representative and inclusive of the diverse talent, clients and communities we work with and serve – and to empower our team to do their best work. We support wellbeing and a balanced life, and offer a range of family-friendly, inclusive employment policies and employee forums.