Governance, Risk and Compliance Manager (Security)

Full Time

1 week ago

Atlanta, GA | US

The Governance, Risk and Compliance Manager (Security) specializes in third-party risk assessments, ISO27001 audits, SOC2 audits, and client-conducted risk assessments. The position plays a pivotal role in maintaining and enhancing PRGX’s governance, risk and compliance framework.

Key Responsibilities:

ISO27001 Audits:

    • Oversees the preparation, execution, and management of ISO27001 audits to assess the effectiveness of the organization’s information security management system (ISMS).
    • Works closely with internal stakeholders to address audit findings, implement corrective actions, and continuously improve the ISMS to meet ISO27001 standards.
    • Serves as a subject matter expert on ISO27001 requirements and provides guidance and support to teams across the organization to ensure compliance.

SOC2 Audits:

    • Manages the SOC2 audit process, including readiness assessments, evidence gathering, and coordination with auditors to facilitate successful SOC2 examinations.
    • Develops and maintains SOC2 policies, controls, and documentation to demonstrate compliance with trust services criteria (security, availability, processing integrity, confidentiality, and privacy).
    • Monitors and tracks remediation activities to address any identified gaps or deficiencies in SOC2 controls and ensure timely resolution.

Client-Conducted Risk Assessments:

    • Completes client assessments of PRGX security controls to ensure all client concerns are addressed and that clients are comfortable providing the data required for services.
    • Acts as a liaison between clients and internal teams to address client inquiries, clarify requirements, and ensure the timely completion of risk assessment processes.

Compliance and Reporting:

    • Keeps abreast of regulatory changes, industry trends, and emerging risks related to information security, privacy, and data protection.
    • Prepares and delivers regular reports to senior management and stakeholders on the status of third-party risk assessments, ISO27001 audits, SOC2 audits, client-conducted risk assessments, and overall compliance initiatives.
    • Collaborates with internal and external auditors to facilitate compliance audits and assessments as needed.

Third-Party Risk Assessment:

    • Leads the evaluation and assessment of third-party vendors and partners to identify potential risks and ensure compliance with contractual obligations, industry standards, and regulatory requirements.
    • Develops and maintains a comprehensive third-party risk management program, including risk assessment methodologies, risk identification, evaluation, and mitigation strategies.
    • Collaborates with cross-functional teams, including Legal, Procurement, and IT Security, to establish and enforce third-party risk management policies and procedures.

Qualifications:

    • Bachelor’s degree in Information Security, Risk Management, Business Administration, or a related field (Master’s degree preferred).
    • Professional certifications such as CISA, CISSP, CISM, ISO27001 Lead Auditor, or equivalent.
    • Proven experience (5+ years) in governance, risk, and compliance roles, with a focus on third-party risk management, ISO27001 audits, SOC2 audits, and client-conducted risk assessments.
    • In-depth knowledge of relevant frameworks, standards, and regulations, including ISO27001, SOC2, GDPR, CCPA, etc.
    • Strong analytical skills with the ability to assess complex risk scenarios and develop effective mitigation strategies.
    • Excellent communication and interpersonal skills, with the ability to collaborate effectively with cross-functional teams, clients, and external stakeholders.
    • Demonstrated leadership abilities with experience in managing audit processes, leading teams, and driving results.