Manager, GRC

Job Summary

This position plays a key role in the organization by managing the execution and quality of IT Governance, Risk & Compliance (GRC) activities in support of F&G’s strategic goals and objectives.  This position will be responsible for security policy, standards, partnership with IT Training, risk management, and similar topics, as well as serve as a liaison between the security, audit, compliance, and technology organizations. This position will also lead multiple IT GRC programs and projects to support the business, and provide thought leadership.

Duties and Responsibilities

• Manage development, maintenance, and implementation of F&G’s IT GRC architecture, strategy, policies and standards in support of F&G’s strategic goals and objectives
• Responsible for IT regulatory security and compliance requirements, including working with IT leadership to level set business expectations
• Ensure F&G is compliant by working directly with Audit to manage audit requests, maintaining compliance with laws and regulations
• Define, implement, test, and maintain the IT operational risk framework, including risk governance, risk hierarchy, risk indicators/tooling (inclusive of risk taxonomy, impact & likelihood scales, control criteria, KRIs, issues, policy exceptions), and risk analysis (RCSA, Bow Tie, FAIR)
• Ensure IT GRC team follows policies, procedures, and operational risk frameworks to reduce cyber risk to the business
• Coordinate with IT leaders to ensure development, business continuity frameworks, and disaster recovery responses are in alignment with security architecture and guidelines
• Monitor information systems, applications, and data to ensure internal and regulatory compliance
• Perform periodic investigation of continuity tests and invocation and initiate corrective actions as required
• Identify gaps in controls, propose solutions, and implement corrective actions
• Support the design, implementation, and compliance of user security awareness trainings
• Maintain understanding of industry trends, tools, and practices and partake in information sharing groups
• Continue to maintain strong current knowledge of regulatory practices and policies
• Ensure IT GRC projects are delivered on time and on budget with quality results that meet the business need
• Manage vendor relationships to ensure contract terms, SLAs and performance agreements are met and changes/enhancements/bugs are managed appropriately
• Mentor and coach others on both a formal and informal basis
• Provide subject matter expertise on complex projects
• Translate undefined business problems and defined business objectives and goals into functional solutions
• Independently direct team as well as contribute individually to project and solution outcomes

Experience and Education Requirements

• S. or B.A. or equivalent experience required, advanced degree preferred
• 7+ years of Information Technology leadership or similar experience in Compliance or Audit
• 2+ years experience managing cross-functional team
• Demonstrated experience leading teams in Financial Services industry
• Experience designing, developing, implementing and monitoring adherence to policy, process, procedures and standards
• Significant experience with developing operational risk frameworks and driving risk analyses (RCSA, Bow Tie, FAIR)
• Understanding of operational impact of relevant IT compliance and regulatory requirements (SOX, SSAE18 (SOC) ISO 2700x, PCI, HIPAA, NYDFS, etc.)
• Strong project management experience, certification a plus
• Experience managing outsource vendors, COTS, and internal staff
• Significant technical, financial, and contract management experience
• Extensive service level management experience

Skills and Abilities

• Current knowledge of information security, security engineering, and security architectures
• Current knowledge of regulatory and security standards and practices
• Extensive experience conducting IT audits and compliance testing
• Aptitude to manage multiple projects and initiatives simultaneously
• Ability to effectively lead teams, coordinate team activities, and mobilize workforce
• Strong insurance experience preferred
• Expertise in testing principles, disciplines, tools, and environments
• Participated in IT strategic planning
• Strong networking and relationship-building across the organization
• Familiarity with GRC modules, (Archer, LogicManager, OpenPages, AuditBoard, or similar)
• Current knowledge of IT governance, regulations, and compliance principles
• Extensive knowledge and experience with risk frameworks (such as NIST and the COSO Enterprise Risk Management Framework), risks, and execution of risk management processes and governance
• Business/commercially-focused and results oriented
• Consultative and client-oriented, a creative problem solver with a collaborative nature
• Executive Leadership; ability to influence/negotiate with peers and vendors
• Excellent project management skills
• Professional, decisive with integrity and high ethical standards

#LI-Remote