Manager, Cybersecurity Governance & Risk

Full Remote
Full time
Mid-level (2-5 years)
104 - 120 K yearly
Remote from: United States

Vibrant Emotional Health

SME

https://vibrant.org/

201 - 500 Employees

Job description

Your missions

**Position Title:** Manager, Cybersecurity Governance & Risk

**Salary Range:** $104,000 - $120,000

**Department:** Information Technology

**Reports to:** Director of Cybersecurity

**Location:** Remote

**Schedule:** M-F, 9-5 EST

Formerly the Mental Health Association of New York City (MHA-NYC), Vibrant Emotional Health’s groundbreaking solutions have delivered high quality services and support, when, where and how people need it for over 50 years. Through our state-of-the-art technology-enabled services, community wellness programs, and advocacy and education work, we are building a society in which emotional wellness can be a reality for everyone.

Position Summary

The Manager of Governance and Risk is responsible for overseeing and managing the information technology governance, risk management, and compliance functions within Vibrant Technology. The Manager of Governance and Risk develops and implements policies, procedures, and controls to ensure the IT infrastructure and processes are aligned with industry best practices and regulatory requirements. In addition, the Manager will collaborate with cross-functional teams, including IT, security, legal, and organization stakeholders, to establish a robust governance framework and manage risks effectively.

**Responsibilities**

  • Develop and maintain IT governance frameworks, standards, and policies and collaborate with senior leadership to establish and enforce IT governance practices.
  • Monitor and ensure compliance with IT policies and guidelines throughout the organization.
  • Implement IT governance metrics and reporting mechanisms to evaluate the effectiveness of governance initiatives.
  • Conduct IT risk assessments to identify and prioritize potential threats and vulnerabilities to develop risk mitigation strategies and action plans in alignment with business objectives.
  • Monitor and assess IT risks on an ongoing basis and make recommendations for risk reduction.
  • Lead incident response and disaster recovery efforts in the event of a security breach or IT-related incident.
  • Stay abreast of relevant laws, regulations, and industry standards related to IT and data security.
  • Establish and manage compliance programs to ensure adherence to applicable regulations (e.g., GDPR, HIPAA, HITRUST).
  • Coordinate with internal and external auditors to facilitate IT audits and compliance assessments.
  • Implement corrective actions and improvements based on audit findings and recommendations.
  • Evaluate third-party vendors' security and compliance practices to minimize potential risks, establish vendor risk assessment processes and monitor vendor compliance with contractual obligations to ensure that vendors meet the organization's security and data protection requirements.
  • Conduct IT security and compliance training for employees to promote a culture of security awareness.
  • Develop and distribute educational materials on IT best practices, policies, and procedures.
  • Provide regular updates and reports to senior management on IT governance, risk, and compliance status and communicate IT security and compliance matters to non-technical stakeholders in a clear and understandable manner.
  • Contribute to and/or lead other department specific and cross-functional initiatives.

Position Requirements

Knowledge & Experience

  • Demonstrated expertise in governance, risk, and compliance management methodologies, frameworks, and best practices. Proficient in assessing, developing, and implementing GRC strategies to address organizational risks and ensure compliance with relevant regulations and standards.
  • Ability to conduct comprehensive risk assessments across various business functions and IT systems. Skilled in identifying potential risks and vulnerabilities and developing effective risk mitigation plans and controls.
  • Solid understanding of relevant laws, regulations, and security risk management frameworks (e.g., ISO 27001, NIST Cybersecurity Framework).
  • Proficient in designing and implementing internal controls to protect assets, prevent fraud, and maintain data integrity. Experienced in coordinating and facilitating internal and external audits and addressing audit findings.
  • Ability to develop and maintain clear, concise, and comprehensive policies, procedures, and guidelines related to GRC. Skilled in ensuring policies are accessible, understood, and adhered to by stakeholders.
  • Competent in developing and delivering GRC training and awareness programs for employees and stakeholders. Capable of fostering a culture of compliance and risk consciousness throughout the organization.
  • Skilled in managing and responding to security incidents, breaches, or compliance violations. Proficient in analyzing root causes and implementing corrective actions to prevent future occurrences.
  • Knowledgeable in evaluating and managing risks associated with third-party vendors and partners. Capable of conducting due diligence and ensuring contractual obligations address potential risks.
  • Strong project management and leadership skills.
  • Excellent communication and interpersonal skills, with the ability to influence and collaborate across different departments.
  • Demonstrated ability to collaborate effectively with cross-functional teams.
  • Analytical mindset with a focus on problem-solving and continuous improvement.

Formal Education, Certification & Experience

  • Bachelor’s degree in business, risk management, information technology, or equivalent professional experience. Master's degree would be a plus.
  • Relevant certifications such as HITRUST, CRISC, CISA, CISM, or GRC-specific certifications are preferred.
  • Minimum 5 years of experience in IT governance, risk management, and compliance roles.
  • 3-5 years' experience managing or leading a team.
  • Experience in conducting risk assessments and implementing risk management strategies.

Excellent comprehensive benefits, including medical, dental, vision, supplemental income insurance, pre-tax transit/parking, pre-tax FSA for medical and dependent care, and 401K available. 4 weeks’ vacation, plum benefits, etc.

_Studies have shown that women and people of color are less likely to apply for jobs unless they believe they are able to perform every task in the job description. We are most interested in finding the best candidate for the job, and that candidate may be one who comes from a less traditional background. Vibrant will consider any equivalent combination of knowledge, skills, education and experience to meet minimum qualifications. If you are interested in applying, we encourage you to think broadly about your background and skill set for the role._

Vibrant Emotional Health is an equal opportunity employer. Applicants are considered for positions without regard to veteran status, uniformed service member status, race, creed, color, religion, gender, gender identity, sex, sexual orientation, citizenship status, national origin, marital status, age, physical or mental disability, genetic information, caregiver status or any other category protected by applicable federal, state or local laws.

_"Please be aware that fictitious job openings, consulting engagements, solicitations, or employment offers may be circulated on the Internet in an attempt to obtain privileged information, or to induce you to pay a fee for services related to recruitment or training. Vibrant does NOT charge any application, processing, or training fee at any stage of the recruitment or hiring process. All genuine job openings will be posted on our careers page and all communications from the Vibrant recruiting team and/or hiring managers will be from an @vibrant.org email address"_
