American Red Cross
Senior Principal, IT Governance, Risk and Compliance (GRC)
American Red Cross, Manchester, New Hampshire, United States
As the Senior Principal, IT Governance, Risk and Compliance (GRC), you will be primarily responsible for supporting the delivery of a successful governance, risk, and compliance (GRC) program at the American Red Cross.
You will design, implement, and monitor a comprehensive IT policy and control framework, supporting mission‑critical business systems and processes leveraging the Red Cross ServiceNow platform for Integrated Risk Management. This framework will meet minimum requirements including NIST 800‑53, NIST 800‑171, and best practices in IT governance, security, risk, and compliance.
Key Responsibilities
Work with internal and external auditors, business stakeholders and suppliers on required IT control assessments and audits.
Provide first‑line support and consulting on internal audit activities and results as well as risk mitigation initiatives in response to audit findings.
Manage overall remediation process and oversee action plans to remediate issues.
Assist the Director and Senior Director of IT Governance, Risk, and Compliance with governance and controls, audit readiness support, and policy development.
Leverage ServiceNow for daily governance, risk, control, and compliance functions.
Collaborate with technology and business leaders to design, implement, and test internal control framework.
Provide guidance, training, and motivation to create control awareness and accountability.
Consult with Information Security, General Counsel, Supply Management, Risk Management, Audit Services, and others to strengthen the control environment.
Interpret regulatory compliance requirements and assist with gap analysis of current policies, procedures, and practices (NIST‑800‑53/171/30 and other standards).
Provide guidance on SOC 1 and SOC 2 security trust criteria.
Research regulations and establish organization standards.
Support maintenance of program processes and procedures using ServiceNow.
Participate in ongoing evaluation and validation of IT control effectiveness via ServiceNow and other tools.
Review control documentation and identify opportunities to enhance technical controls.
Document, track, and report on control gap findings, risk, impacts and recommendations to management.
Manage the exception and risk acceptance process related to control gaps and audit findings.
Support coordination and implementation of IT policies and standards to sustain regulatory and compliance initiatives.
Consult with the President’s Office during policy review and communication.
Analyze policies, standards, procedures, and guidelines for regulatory and compliance requirements, and recommend solutions for identified weaknesses.
Qualifications
Bachelor’s degree in a related field (IT, audit, or information security) or closely related discipline.
Minimum 10 years of related experience or equivalent combination of education and experience.
3–5 years of experience in governance, risk, and compliance roles with hands‑on ServiceNow GRC experience.
ServiceNow Integrated Risk Management experience is required.
Working knowledge of control frameworks, IT general controls, and security controls such as NIST, ISO, COBIT, FedRAMP, SOC 2, ISO 27001.
Highly motivated and proactive with strong organizational, communication, and project management skills.
Experience drafting, remediating, or editing IT policies, standards, procedures, and controls.
Experience working cross-functionally with engineers, product and security teams, and business leaders at all levels.
Experience coordinating with internal and/or external audit teams.
Ability to understand key controls and communicate them in a digestible way to IT technologists, control owners, and senior leaders.
Strong written and oral communication skills with utilization of appropriate tools (MS Excel, ServiceNow, etc.).
Solid analytical and problem‑solving skills in process review and issue remediation.
Open-mindedness, creative thinking, willingness to take calculated risks, and make informed decisions.
Certifications such as CISA, CISSP, CISM, CRISC are a plus.
Pay Information
The annual salary range for this position is $110K–$140K. The American Red Cross does not offer an annual bonus for this role.
Benefits
Medical, dental, vision plans
Health Spending Accounts & Flexible Spending Accounts
Paid time off: Starting at 15 days a year; based on type of job and tenure
Holidays: 11 paid holidays, comprising six core holidays and five floating holidays
401(k) with up to 6% match
Paid family leave
Employee assistance
Disability and insurance: Short- & long-term
Service awards and recognition
Equal Employment Opportunity
The American Red Cross is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected veteran status, age, or any other characteristic protected by law.
Qualified applicants with arrest or conviction records will be considered for employment in accordance with the Los Angeles County Fair Chance Ordinance, San Diego Fair Chance Ordinance, the California Fair Chance Act, and any other applicable state and local laws.
American Red Cross is a proud partner of AmeriCorps and the Service Year Alliance, and welcomes opportunities for national service alumni.