Manager Governance, Risk and Compliance

BlueCross BlueShield of Tennessee

Hybrid
Full Time
$120,000

Job Overview

Job Title: Manager Governance, Risk and Compliance
Job Type: Full Time
Category: Commerce
Experience: 5 Years
Degree: Master
Offered Salary: $120,000
Location: Hybrid

Job Description

Overview

We’re looking for a Manager Governance, Risk and Compliance who enjoys helping teams navigate risk and compliance in a practical, collaborative way. This role plays an important part in keeping our technology environment secure, compliant, and aligned with our business goals—without slowing innovation.

In this role, you’ll work closely with partners across IT, Security, Internal/External Audit, Legal, Privacy, and the business to turn regulatory requirements and risk frameworks into solutions that actually work in the real world. You’ll help guide risk assessments, develop and improve policies and controls, support audits, and strengthen our overall GRC program in a way that’s thoughtful and sustainable.

We’re looking for someone who has technical know-how along with the ability to communicate clearly, build strong relationships, and take a balanced, risk-based approach. Ideal candidates will have experience presenting to executive audiences, proficiency with PowerBI and experience in healthcare (or other regulated industries).

Note: This is a fully remote role, but onsite travel to our Chattanooga, Tennessee headquarters may be required for final interviews. Sponsorship is not available for this role.

Job Duties & Responsibilities

  • Understand business priorities and activities at BCBST and subsidiaries. Maintain current knowledge of applicable regulatory and compliance issues related to Information Security. Based on this knowledge, plan, develop, document, maintain and monitor progress of Information Security Program components consistent with applicable regulatory and compliance requirements.
  • Develop, maintain and communicate policies, standards and procedures to manage security functions relative to information technology systems (including systems under development), networks, applications, and voice and data communications that are consistent with applicable regulatory and compliance requirements.
  • Understand the threat landscape and attack trends as they relate to intelligence gathering, dissemination and defense coordination.
  • Depending on departmental function, management responsibilities may include one or more of the following:
      ◦ Manage the information risk management program, including facilitated risk decisions with decision-making authorities, and be an engaged partner with lines of business.
      ◦ Develop and implement an effective policy compliance monitoring and enforcement program.
      ◦ Manage the security operations and/or engineering functions, including incident response, security monitoring, security design and engineering, and security architecture.
      ◦ Develop and manage the Enterprise Information Security Threat Management Program.
      ◦ Manage teams tasked with vulnerability discovery and reporting.
      ◦ Coordinate the use of external resources involved in the performance of security testing (i.e., penetration tests, vulnerability scans).
      ◦ Ensure that an Information Security training program is addressed as part of the overall compliance training, so that the organization’s workforce is knowledgeable of Information Security policies, practices and relevant guidance appropriate to their role in the organization.
  • Develop and report business-relevant metrics to measure the efficiency and effectiveness of the Information Security Program, facilitate appropriate resource allocation and increase the maturity of the security program.
  • Provide subject matter expertise on a broad range of information security standards and best practices, such as NIST, PCI, ISO 27001, MAR and others as applicable.
  • Work with Information Security Directors, CISO and appropriate stakeholders to prepare and present relevant information on security as required.
  • Facilitate and participate in the organization’s Enterprise Security Committee as appropriate.
  • Manage the process of hiring, developing, and evaluating performance of Information Security department staff.
  • Establish and manage operating budgets.
  • Collaborate with other departments across BCBST including Human Resources, Legal, Privacy, Procurement and Compliance to ensure information security alignment across the company.

Job Qualifications

Education
  • Bachelor’s degree in Business, Computer Science or equivalent experience required. Equivalent experience is defined as 4 years of professional work experience.
Experience
  • 5 years of experience leading technical resources teams in diverse disciplines is required.
  • 5 years of experience in information security or related field.
  • Must possess a solid understanding of Information Technology, Information Security, and Risk Management.
  • Knowledge of security and control frameworks, such as ISO 17799, COBIT, and NIST Cybersecurity Framework.
Skills/Certifications
  • Information Security certifications such as the Certified Information Systems Security Professional Certification (CISSP), Certified Information Security Officer (CISA) or Certified Information Security Manager Certification (CISM) are required, or must be obtained within 2 years of acceptance of the position.
  • Proficient in Microsoft Office (Outlook, Word, Excel and PowerPoint).
  • Excellent oral and written communication skills.
  • Strong interpersonal and organizational skills.
  • Must be a team player, be organized and have the ability to handle multiple projects.
  • Ability to work independently with minimal supervision or function in a team environment sharing responsibility, roles, and accountability.
  • Ability to lead and motivate teams to achieve tactical and strategic goals. This is a highly responsible position that requires both quantitative and interpersonal skills.
  • Demonstrated project management, organization and facilitation skills.
  • High level of personal integrity and the ability to professionally handle confidential matters, exercising the appropriate level of judgment and maturity.

Key skills/competency

  • Information Security
  • Risk Management
  • Compliance Frameworks
  • Policy Development
  • Audit Support
  • Regulatory Adherence
  • Leadership
  • PowerBI
  • Executive Communication
  • Healthcare Industry

Tags: GRC Manager, governance, risk management, compliance, information security, audit, policy development, regulatory adherence, leadership, threat management, metrics reporting, NIST, PCI DSS, ISO 27001, COBIT, MAR, PowerBI, Microsoft Office Suite, Security Frameworks, Incident Response

How to Get Hired at BlueCross BlueShield of Tennessee

  • Research BlueCross BlueShield of Tennessee's culture: Study their mission, values, recent news, and employee testimonials on LinkedIn and Glassdoor, focusing on their commitment to IT security and healthcare standards.
  • Tailor your resume for GRC expertise: Highlight experience in IT governance, risk management, and compliance frameworks like NIST, ISO, and COBIT, emphasizing leadership and practical application.
  • Showcase relevant healthcare experience: Detail your background in regulated industries, especially healthcare, and how you've navigated complex regulatory environments.
  • Prepare for a collaborative interview: Be ready to discuss how you'd turn regulatory requirements into actionable, real-world solutions and present to executive audiences effectively.
  • Demonstrate strong communication and leadership: Emphasize your ability to build relationships, motivate teams, and clearly articulate complex security concepts to diverse stakeholders.
