Governance, Risk and Compliance Manager

Job ID: 27650265
Location: Remote

Governance, Risk and Compliance Manager

Location:  Remote
Status:  Full-time Exempt
Reports to:  VP, Legal
Direct Reports:  None
Travel:  5%

We want to hear from you! Candidates are encouraged to apply even if they don’t meet every requirement. If you are interested in and passionate about our mission and being at the forefront of precision medicine, please don’t hesitate to apply!

About M2GEN / Who we are
M2GEN is an oncology-focused health informatics solutions company that leverages clinical and molecular data to accelerate the discovery, development, and delivery of personalized therapies. Founded in 2006 with a mission to enable a collaborative approach to fighting cancer, M2GEN facilitates the Oncology Research Information Exchange Network (ORIEN), an alliance of leading cancer centers that participate in Total Cancer Care (TCC), a HIPAA-compliant, IRB-approved, patient-consented protocol that gathers de-identified clinical and genomic patient data for research, publication and treatment purposes. M2GEN currently has over 300,000 total consented patients across a network of 18 cancer centers throughout the U.S.

We are a fast-growing company, merging data and science to accelerate the discovery and delivery of precision medicine. Our purpose is to connect patients to a cure so they can lead better lives. If you are passionate about making a difference, creating and delivering health informatics solutions that shape the future of cancer care, and predicting and meeting patients’ needs, join the team!

Learn more at www.m2gen.com

Role / What you will be doing
The Information Security and Legal teams at M2GEN seek a highly motivated, skilled, responsible, and resourceful individual to fill a Governance, Risk, & Compliance (GRC) Manager position. The GRC Manager is responsible for ensuring that actionable data is gathered across the organization related to risks (e.g. regulatory, privacy and/or security), maturity, and risk reduction. In this role, you will have the opportunity to drive an end-to-end risk mitigation program.

The ideal candidate will have experience in healthcare regulatory and privacy matters, balanced exposure to the various subprocesses of technology risk management (assessments, control life cycle management, issue management), and the ability to run and support governance, risk, and compliance processes across M2GEN.

Responsibilities (this is not an all-inclusive list; duties may evolve over time as business needs change)
  • Identify and manage risks, including assessing, defining, classifying, and measuring them, by developing enterprise-wide risk assessments and building metrics from the data gathered
  • Lead the governance program, including policy development, oversight, tracking and management
  • Draft policies and standards that enhance regulatory compliance, privacy and security while reducing risk
  • Provide oversight and continuous monitoring of compliance with policies and standards across the enterprise, including M2GEN contractors and third-party vendors
  • Measure risk posture specific to healthcare security, regulatory and privacy concerns through scorecards, Key Risk Indicators (KRIs), Key Performance Indicators (KPIs), etc.
  • Coordinate and support the implementation of risk reduction and oversight for all facets of the IT and Legal program, in alignment with leadership across the organization
  • Lead third-party management and risk assessments for security threats
  • Manage oversight of the business continuity program as it relates to enterprise IT risks, in coordination with other business leaders
  • Lead the education and awareness campaign across the organization
  • Develop best practices and training for program execution and management
  • Maintain up-to-date knowledge of regulatory requirements such as HIPAA, GDPR, CCPA, etc., and document those requirements for intake and execution by product and engineering teams

Education / Experience
  • A bachelor's degree in a related field and approximately three (3) years of related work experience, or no degree and six or more (6+) years of related work experience, including:
    • Successful, progressive experience working with IT and risk management, governance, policies, standards, control design and implementation, control assessment, business continuity, and education and training, preferably in the healthcare space
  • Information Security, Healthcare Regulatory and/or Privacy training and/or certifications preferred

Knowledge / Skills / Abilities
  • Creative, strategic, critical, and analytical yet decisive thinker with the ability to track and coordinate multiple activities, initiatives, and tasks
  • Strong leadership skills and ability to build positive business partner relationships
  • Experience developing and leading GRC programs and teams, including metrics development and oversight of the implementation of risk remediation for technical and non-technical risks
  • Experience assessing and managing risks in cloud environments
  • Excellent interpersonal, written, and verbal communication skills
  • Experience and expertise leading a risk management program that includes all facets of security, privacy and regulatory compliance
  • Comfortable working in a self-sufficient, fast-paced, results-oriented environment
  • Experience working in customer focused environments
  • Excellent organizational skills
  • Strong analytical orientation and capable of interpreting data
  • Knowledgeable in risk management methodologies, frameworks, and principles (e.g. ISO, HITRUST, NIST, CSA (Cloud Security Alliance), SOX, ITIL, GDPR, etc.)
  • Metrics management and analysis implementation expertise
  • Experience leading third party risk programs
  • Proven ability to work across teams and to leverage influence to achieve results
  • Comfortable working in agile methodologies such as Scrum/Kanban
  • Experience translating policies to requirements that product/engineering/science can implement
  • Excellent collaboration skills to effectively communicate with both business and technical teams
  • Strong business acumen and the ability to understand and adapt to changing customer needs in highly competitive conditions
  • Self-motivated and directed, consistently demonstrating initiative and drive for results
  • Ability to communicate with business and technical users at all levels, internally and externally
  • Persistent and resilient with a tenacious appetite for success
  • Flexible, start-up mindset and high-functioning in a fast-paced, constantly changing, deadline-driven environment
  • Ability to work under pressure with time sensitive deliverables, always exemplifying professional and courteous behavior
  • Interest in oncology a plus
  • Passion for healthcare security and privacy

Our Values:
  1. Patients First
  2. Be Bold
  3. Join the Conversation
  4. Create Knowledge
  5. Lead by Example

M2GEN is proud to be an Equal Employment Opportunity Employer committed to building a diverse, equitable and inclusive workforce. We strive to be representative, at all levels, of the communities and patients we serve. In compliance with all applicable federal, state, and local laws and regulations, M2GEN’s employment practices prohibit discrimination on the basis of race, color, national origin, religion, gender, gender identity, sexual orientation, genetic information (including family medical history), age, disability, marital or parental status (including pregnancy), political affiliation, veteran status, military service, or other non-merit-based factors.