Senior Manager - Security GRC

About Providence

Providence, one of the US’s largest not-for-profit healthcare systems, is committed to high quality, compassionate healthcare for all. Driven by the belief that health is a human right and the vision, ‘Health for a better world’, Providence and its 121,000 caregivers strive to provide everyone access to affordable quality care and services.

Providence has a network of 51 hospitals, 1,000+ care clinics, senior services, supportive housing, and other health and educational services in the US.

Providence India is bringing to fruition the transformational shift of the healthcare ecosystem to Health 2.0. The India center will have focused efforts around healthcare technology and innovation, and play a vital role in driving digital transformation of health systems for improved patient outcomes and experiences, caregiver efficiency, and running the business of Providence at scale.


Why Us?

  • Best In-class Benefits
  • Inclusive Leadership
  • Reimagining Healthcare
  • Competitive Pay
  • Supportive Reporting Relationships

Job Description – Senior Manager, Governance, Risk & Compliance (GRC)

Role Overview

The Senior Manager – Governance, Risk & Compliance (GRC) is responsible for leading and maturing the organization’s cybersecurity governance, third‑party risk management (TPRM), regulatory compliance, and cybersecurity policy framework. This role provides strategic direction, operational leadership, and executive‑level oversight to ensure cybersecurity risks are effectively identified, governed, and mitigated in alignment with enterprise risk appetite and regulatory obligations.

The role oversees TPRM programs, compliance and control assurance initiatives, and cybersecurity policy and standards lifecycle management, while partnering closely with Cyber Engineering, IAM, Infrastructure, Legal, Procurement, Internal Audit, Risk Management, and business stakeholders.

GRC Leadership & Strategy

Define and execute the enterprise cybersecurity GRC strategy and roadmap aligned with business and risk management objectives.

Provide leadership and direction to GRC teams covering TPRM, compliance, audits, and policy management.

Serve as a trusted advisor to senior leadership on cybersecurity risk, regulatory posture, and governance decisions.

Third‑Party Risk Management (TPRM)

Own the end‑to‑end third‑party risk management program, including vendor due diligence, onboarding, periodic assessments, renewals, and continuous monitoring.

Define vendor risk tiers, assessment methodologies, and minimum cybersecurity requirements.

Partner with Procurement, Legal, Privacy, and business owners to ensure vendor risks are assessed, mitigated, and risk‑accepted where appropriate.

Track and report third‑party risk findings, remediation status, and risk trends through GRC platforms and executive reporting.

Cybersecurity Compliance & Control Assurance

Lead enterprise cybersecurity compliance programs aligned with HIPAA, NIST CSF, NIST 800‑53, ISO 27001, PCI‑DSS, SOX, and other applicable regulations, standards, and frameworks.

Oversee the security control lifecycle including design, implementation, testing, evidence collection, and continuous assurance.

Coordinate internal and external audits, regulatory reviews, and security attestations.

Partner with engineering and IT teams to embed compliance and control requirements into technology initiatives.

Cybersecurity Policy & Standards Management

Own the cybersecurity policy, standards, and procedures lifecycle including creation, review, approval, publication, and periodic refresh.

Ensure policies and standards align with regulatory requirements, industry frameworks, and evolving threat landscapes.

Drive enterprise awareness and adoption of cybersecurity policies through governance forums and change management.

Govern security exceptions and risk acceptances related to policy deviations.

Risk Management & Reporting

Lead cybersecurity risk assessments, risk prioritization, and remediation tracking.

Define and report GRC metrics, dashboards, and executive‑level reporting for leadership and board stakeholders.

Identify systemic risk trends and drive strategic remediation initiatives across the enterprise.

People & Stakeholder Leadership

Lead, mentor, and develop high‑performing GRC teams.

Collaborate closely with Cyber Engineering, IAM, Cloud, Infrastructure, Privacy, Legal, and Audit teams.

Communicate complex cybersecurity risk and compliance topics clearly to technical and non‑technical stakeholders.

Required Skills & Experience

12+ years of experience in cybersecurity, governance, risk management, or compliance roles.

5+ years of experience in a leadership or senior management role.

Deep expertise in Third‑Party Risk Management (TPRM), compliance, audits, and policy management.

Strong working knowledge of NIST CSF, NIST 800‑53, ISO 27001, PCI‑DSS, HIPAA, and SOX.

Experience working with enterprise GRC platforms and workflow tools.

Preferred Qualifications

Experience in healthcare or other highly regulated industries.

Professional certifications such as CISSP, CISM, CRISC, or CISA.

Experience presenting cybersecurity risk and compliance posture to executive leadership.

Leadership & Behavioral Competencies

Strategic mindset with strong execution focus.

Ability to influence senior leaders and drive governance outcomes.

Excellent written and verbal communication skills.

High integrity, sound judgment, and strong ownership mindset.

Providence’s vision to create ‘Health for a Better World’ guides us in providing a fair and equitable workplace for all in our employment, whether temporary, part-time or full time, in promoting individuality and diversity of thought and background, and in acknowledging their role in the organization’s success. We are therefore committed to equal employment opportunities, regardless of race, religion or belief, color, ancestry, disability, marital status, gender, sexual orientation, age, nationality, ethnic origin, pregnancy or related needs, mental or sensory disability, HIV status, or any other category protected by applicable law. In furtherance of our mission to build a more inclusive and equitable environment, we shall, from time to time, undertake programs to assist, uplift and empower underrepresented groups, including but not limited to women, PWD (Persons with Disabilities), LGBTQ+ (Lesbian, Gay, Bisexual, Transgender or Queer) people, veterans and others. We strive to address all forms of discrimination or harassment and provide a safe and confidential process to report any misconduct.

Contact our Integrity hotline; also, read our Code of Conduct.