
Manager Governance Risk & Compliance

Remote: Full Remote
Contract:
Salary: 110 - 130K yearly
Experience: Mid-level (2-5 years)
Work from: Arizona (USA), United States

Offer summary

Qualifications:

HS Diploma or GED required, bachelor's degree preferred; five years in governance, risk management, compliance; two years managerial experience in GRC; five years with COSO and NIST frameworks; experience with security controls and assessments.

Key responsibilities:

  • Develop and communicate GRC strategy
  • Lead risk framework and reporting
  • Build and maintain a high-performance team
  • Evaluate cybersecurity controls for compliance
  • Drive security and risk management initiatives
Universal Technical Institute, Inc. Education Large https://www.uti.edu/
1001 - 5000 Employees

Job description

Overview:

Are you ready to be part of the extraordinary future of technical education? Do you thrive in a dynamic, innovative environment where you can make a tangible impact? If so, UTI wants YOU to join our team as the Manager Governance Risk & Compliance!

 

Reporting to the Vice President of Information Security, the Manager of Governance, Risk, and Compliance (GRC) is responsible for overseeing and managing the organization's GRC programs. This role leads the development, implementation, and ongoing coordination of an enterprise-wide cyber security governance, risk and compliance program. This hands-on leader also defines and aligns security policies, standards, controls, assessments, and compliance initiatives, maintains the company’s National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF) program, leads improvement initiatives, and provides frequent updates to the executive leadership team.

 

What We Offer:
• Competitive Salary of $110,000 - $130,000 per year
• FREE UTI or Concorde Tuition for you AND your Immediate Family
• Medical/Dental/Vision/Life Ins/STD & LTD Ins
• 401K, Paid Holidays, Paid Time Off
• Paid Parental Leave
• Pet Insurance

• Remote work environment with up to 5% travel

Responsibilities:

Principal Accountabilities & Deliverables

 

Governance:

  • Develop and communicate GRC strategy: Create and communicate the governance, risk, and compliance strategy.
  • Lead risk framework and reporting: Establish and maintain a structured risk framework, track key metrics, and present reports to stakeholders.
  • Build and maintain a high-performance team: Foster a motivated and engaged team through effective training, performance management, and recognition of achievements.

Compliance:

  • Lead compliance and assurance functions: Continuously evaluate cybersecurity controls to ensure effectiveness and adherence to key controls and policies.
  • Develop and operationalize policies: Enhance and implement enterprise-level security, risk, and privacy policies, processes, and controls to mitigate risk and comply with applicable laws and regulations.
  • Prescribe and implement security improvements: Resolve or mitigate security findings and enhance security posture to achieve compliance with all security initiatives and industry regulations.

Risk:

  • Drive security and risk management initiatives: Accomplish security risk assessments, control testing, regulatory or internal audit processes, responses, and risk management strategies. Provide visibility and management of cyber risks.
  • Manage third-party and enterprise-wide risk programs: Conduct new and annual assessments, establish risk rankings of vendors and partners, monitor changes, and maintain an enterprise-wide risk register. Oversee exception management and partner with technology and security operations to reduce security findings.
  • Enhance data protection and innovation: Build and maintain a strategic data protection and privacy program. Foster innovation efforts to increase efficiencies and automate manual processes.

 

Qualifications:

Education / Experience

  • HS Diploma or GED (required) and five (5) years of experience in governance, risk management, compliance and privacy; bachelor's degree in computer science, business administration, finance, or law (preferred)
  • Minimum two (2) years of managerial experience including managing teams and/or processes responsible for governance, risk management, and compliance (required)
  • Minimum five (5) years working with Committee of Sponsoring Organizations of the Treadway Commission (COSO) and NIST frameworks for risk management and controls (required)
  • Minimum five (5) years of experience authoring and maintaining information security and GRC policies and procedures (required)
  • Minimum five (5) years of maintaining an enterprise-wide third-party risk management program (required)
  • Deep understanding of security controls and alignment to key regulations and standards NIST, FERPA, GLBA, HIPAA, PCI, and SOX (required)
  • Experience conducting internal and external risk assessments (required)

Skills

  • Expert understanding of common security controls
  • Strong knowledge of cloud-based security tools and controls (e.g. Azure, O365, AWS)
  • Strong interpersonal skills with the expert ability to develop strong relationships with key members of both internal and vendor teams
  • Business acumen with an expert knowledge and understanding of business issues, priorities, goals, and strategy
  • Articulate communicator and collaborator with the professional confidence and credibility to effectively engage and interact with senior and executive management

About Us:
It’s all about the reputation. 55+ years of experience, trusted by 35+ industry-leading brands, 16 campuses, 5 technical schools. But it’s not all about the numbers. Here at Universal Technical Institute and its family of schools, we care about YOU. We care about making a change in the lives of our employees and our students. We’re on a mission to expand our reach and increase our impact, one life at a time, and that starts with yours... Come and be a part of our legacy!

Required profile

Experience

Level of experience: Mid-level (2-5 years)
Industry: Education
Spoken language(s): English

Other Skills

  • Report Writing
  • Governance
  • Analytical Thinking
  • Business Acumen
  • Social Skills
  • Team Management
  • Verbal Communication Skills
