Apply now »

Senior Manager - GRC

About Providence

Providence, one of the US’s largest not-for-profit healthcare systems, is committed to high quality, compassionate healthcare for all. Driven by the belief that health is a human right and the vision, ‘Health for a better world’, Providence and its 121,000 caregivers strive to provide everyone access to affordable quality care and services.

Providence has a network of 51 hospitals, 1,000+ care clinics, senior services, supportive housing, and other health and educational services in the US.

Providence India is bringing to fruition the transformational shift of the healthcare ecosystem to Health 2.0. The India center will have focused efforts around healthcare technology and innovation, and play a vital role in driving digital transformation of health systems for improved patient outcomes and experiences, caregiver efficiency, and running the business of Providence at scale.


Why Us?

  • Best In-class Benefits
  • Inclusive Leadership
  • Reimagining Healthcare
  • Competitive Pay
  • Supportive Reporting Relation

How is this team contributing to the vision of Providence?

Enterprise Security & Infrastructure (ESI) is committed to appropriately protecting all information relating to its caregivers and affiliates, as well as protecting its confidential business information (including information relating to its caregivers, affiliates, and patients).

 

What will you be responsible for?

 

  • Lead the development, implementation, and continuous improvement of the organization’s security governance, risk management, and compliance (GRC) strategies.
  • Establish and maintain a comprehensive governance management framework, ensuring effective operational controls to address information security risks.
  • Create, update, and enforce security policies, procedures, processes, standards, and guidelines to support the IT Governance Program, including the lifecycle management of internal controls.
  • Drive risk management and governance initiatives in response to emerging technologies and evolving business needs.
  • Oversee the remediation of information security issues and findings, ensuring both immediate corrective actions and sustainable long-term solutions to mitigate risks.
  • Collaborate with senior leadership, business units, IT, and Legal to establish consistent processes for identifying, assessing, responding to, and reporting on IT risks.
  • Champion the implementation of global IT GRC initiatives, ensuring alignment with organizational objectives and industry standards.
  • Partner with program leadership to influence decision-making and foster unified progress towards security and compliance goals.
  • Identify and lead cross-functional projects that enhance standardization, efficiency, and maturity within the GRC function.
  • Provide effective leadership to GRC teams, including direct reports and contractors—delegating tasks, coordinating efforts, fostering motivation, and conducting performance reviews in collaboration with HR.
  • Directly manage and develop GRC teams, with responsibility for up to 10 caregivers.
  • Stay current on best practices, legal requirements, and industry standards related to risk management and compliance frameworks such as NIST CSF, NIST 800-53 v5, CIS Benchmarks, HIPAA, PCI DSS, SOX 404, and ITIL.
  • Monitor industry trends and the regulatory environment, proactively adapting governance strategies to maintain compliance and organizational resilience.

 

 

 

How is this team contributing to the vision of Providence?

Enterprise Security & Infrastructure (ESI) is committed to appropriately protecting all information relating to its caregivers and affiliates, as well as protecting its confidential business information (including information relating to its caregivers, affiliates, and patients).

 

What will you be responsible for?

 

  • Lead the development, implementation, and continuous improvement of the organization’s security governance, risk management, and compliance (GRC) strategies.
  • Establish and maintain a comprehensive governance management framework, ensuring effective operational controls to address information security risks.
  • Create, update, and enforce security policies, procedures, processes, standards, and guidelines to support the IT Governance Program, including the lifecycle management of internal controls.
  • Drive risk management and governance initiatives in response to emerging technologies and evolving business needs.
  • Oversee the remediation of information security issues and findings, ensuring both immediate corrective actions and sustainable long-term solutions to mitigate risks.
  • Collaborate with senior leadership, business units, IT, and Legal to establish consistent processes for identifying, assessing, responding to, and reporting on IT risks.
  • Champion the implementation of global IT GRC initiatives, ensuring alignment with organizational objectives and industry standards.
  • Partner with program leadership to influence decision-making and foster unified progress towards security and compliance goals.
  • Identify and lead cross-functional projects that enhance standardization, efficiency, and maturity within the GRC function.
  • Provide effective leadership to GRC teams, including direct reports and contractors—delegating tasks, coordinating efforts, fostering motivation, and conducting performance reviews in collaboration with HR.
  • Directly manage and develop GRC teams, with responsibility for up to 10 caregivers.
  • Stay current on best practices, legal requirements, and industry standards related to risk management and compliance frameworks such as NIST CSF, NIST 800-53 v5, CIS Benchmarks, HIPAA, PCI DSS, SOX 404, and ITIL.
  • Monitor industry trends and the regulatory environment, proactively adapting governance strategies to maintain compliance and organizational resilience.

 

 

 

What would your day look like?

  • Regularly collaborate with business leaders, application, and product owners to evaluate security needs and impacts of security decisions on business processes as well as to communicate risks.
  • Drive implementation of framework, policies, standards, and other security requirements.
  • Conduct gap analysis and implement Standards Frameworks like NIST CSF, NIST 800-53 v5, CIS Benchmarks, HIPAA, PCI DSS, SOX 404, and ITIL.
  • Develop and revise Policies, Standards, Processes, and guidelines for the enterprise through change management.
  • Perform security reviews, attestations, assessments and serve as a Liaison between various teams within Cybersecurity.
  • Collaboare with business function owner on deliverables, support team in understating and meeting business requirements.
  • Manage expectations and effectively communicate to colleagues, project team members, sponsors, stakeholders, business leaders, as well as internal and external security stakeholders and leaders.
  • Promote and raise awareness of Cyber-Security programs and posture, driving change and influencing proper Cyber Security hygiene within the organization.

 

Who are we looking for?

  • 4-year University (Bachelor’s) degree in Computer Science, Information Security, Cyber Security or related field.
  • Minimum 10 years of experience in an Information Security/GRC role.
  • Minimum 5 years of experience in IT Risk Management Role.
  • Preferred 3 years of experience in Healthcare, Pharma or Bio-Technology organization.
  • Strong project management skills to simultaneously work on multiple projects concurrently.
  • Experience with managing a GRC tool support life cycle.
  • Strong written and oral communication skills with the ability to explain technical ideas to non-technical individuals at any level.
  • Adaptable to shifting priorities, demands, and timelines through analytical and problem-solving capabilities. Able to react to project adjustments and alterations promptly and efficiently.
  • Ability to lead a team and collaborate with other leaders throughout the organization.
  • Ability to effectively prioritize and execute tasks in a high-pressure environment
  • Preferred knowledge of Information Security standards (ISO/IEC 27001, 27002, NIST CSF, NIST SP 800-53, CIS Controls).

Providence’s vision to create ‘Health for a Better World’ aids us to provide a fair and equitable workplace for all in our employment, whether temporary, part-time or full time, and to promote individuality and diversity of thought and background, and acknowledge its role in the organization’s success. This makes us committed towards equal employment opportunities, regardless of race, religion or belief, color, ancestry, disability, marital status, gender, sexual orientation, age, nationality, ethnic origin, pregnancy, or related needs, mental or sensory disability, HIV Status, or any other category protected by applicable law. In furtherance to our mission in building a more inclusive and equitable environment, we shall, from time to time, undertake programs to assist, uplift and empower underrepresented groups including but not limited to Women, PWD (Persons with Disabilities), LGTBQ+ (Lesbian, Gay, Transgender, Bisexual or Queer), Veterans and others. We strive to address all forms of discrimination or harassment and provide a safe and confidential process to report any misconduct.

Contact our Integrity hotline also, read our Code of Conduct.

Apply now »