American Red Cross

Senior Principal, IT Governance, Risk and Compliance (GRC)

American Red Cross, Oklahoma City, Oklahoma, United States


American Red Cross is a mission‑driven organization focused on helping people through disaster relief, health education, and community services.

Job Overview

As Senior Principal, you will be primarily responsible for designing, implementing, and monitoring a comprehensive IT policy and control framework, supporting mission‑critical business systems and the Red Cross ServiceNow platform for Integrated Risk Management. You will work closely with stakeholders and cross‑functional colleagues to advise on assessments, identify areas for improvement, and remediate gaps as a first line of defense. The position is virtual: remote from anywhere in the United States, with a preference for East Coast hours.

Key Responsibilities

Design, implement, and enforce IT policy and control frameworks that meet NIST 800‑53, 800‑171 and other industry best practices.

Act as the primary liaison between IT/Business teams and Internal Audit to ensure transparency and effective audit-related activities.

Drive collaboration for audit readiness, remediation, and continuous improvement.

Contribute to the maturation of the GRC program through process optimization, automation, training, and policy development.

Work with Internal and External auditors, business stakeholders and suppliers on required IT control assessments and audits.

Provide first‑level support and consulting on internal audit activities and results as well as risk mitigation initiatives in response to audit findings.

Manage overall remediation process and create and oversee action plans to remediate issues.

Assist the Director, IT Governance, Risk, and Compliance and Senior Director, IT Governance, Risk and Compliance with IT governance and controls, internal and external audit readiness and support, and policy and standard development.

Lead daily governance, risk, control, and compliance functions leveraging ServiceNow.

Participate in and contribute to the IT Governance, Risk and Compliance program, ensuring controls, policies, and procedures meet regulatory requirements and best practices.

Collaborate with technology and business leaders to create, sustain, and strengthen internal control frameworks through design, implementation, and testing.

Provide guidance, training, and motivation to create control awareness and accountability.

Consult with Information Security, Legal, Supply Management, Risk Management, Audit Services, and other parties to strengthen the control environment.

Interpret regulatory compliance requirements and assist with gap analysis of current policies and practices relative to NIST and other standards.

Provide support for SOC 1 and SOC 2 security trust criteria.

Research regulations, review bulletins, and enforce organization standards.

Support maintenance of program processes and procedures using ServiceNow.

Evaluate and validate IT control effectiveness and internal business processes via ServiceNow and other tools.

Review control documentation to assess quality and effectiveness.

Document, track, and report on control gap findings and recommendations to management.

Help establish actionable metrics to drive the control assessment process.

Manage the exception and risk acceptance process related to control gaps and audit findings.

Support policy review and communication with the President’s Office.

Analyze policies for regulatory requirements and recommend solutions for weaknesses.

Qualifications

Bachelor’s degree in IT, audit, or a closely related discipline.

Minimum of 10 years of relevant experience, including 3–5 years in GRC roles with hands‑on ServiceNow GRC experience.

ServiceNow Integrated Risk Management experience is required.

Working knowledge of control frameworks (NIST, ISO, COBIT, FedRAMP, SOC 2, ISO 27001).

Strong organizational, communication, and project management skills.

Experience drafting, remediating, or editing IT policies, standards, and procedures.

Experience working cross‑functionally with engineers, product, security, and business leaders.

Experience coordinating with internal and/or external audit teams.

Ability to explain key controls to IT technologists and senior leaders.

Proficient in MS Excel, ServiceNow, and other tools.

Solid analytical and problem‑solving skills.

Open‑mindedness, creative thinking, and willingness to take calculated risks.

Certifications such as CISA, CISSP, CISM, or CRISC are a plus.

Pay Information

The annual salary range is $110,000 – $140,000. An annual bonus is not offered for this role.

American Red Cross salaries are aligned to the geographic location where the work is performed. Other factors such as skills, years of experience, and role comparison are considered. Salary will be reviewed at phone screening based on your location and experience.

Benefits

Medical, Dental, and Vision plans.

Health Spending Accounts & Flexible Spending Accounts.

PTO: Starting at 15 days a year, adjusted by job type and tenure.

Holidays: 11 paid holidays (six core and five floating).

401(k) with up to 6% match.

Paid Family Leave.

Employee Assistance.

Short‑ and long‑term disability insurance.

Service awards and recognition.

EEOC Statement

The American Red Cross is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected veteran status, age, or any other characteristic protected by law.

Qualified applicants with arrest or conviction records will be considered in accordance with Los Angeles County Fair Chance Ordinance, San Diego Fair Chance Ordinance, California Fair Chance Act, and other applicable state and local laws.

American Red Cross is a proud partner of AmeriCorps and supports federal, state, and national service alumni. To learn about volunteer opportunities, visit redcross.org/volunteertoday.

