American Red Cross
Senior Principal, IT Governance, Risk and Compliance (GRC)
American Red Cross, Baltimore, Maryland, United States
WHY CHOOSE US?
Joining the American Red Cross is an opportunity to touch millions of lives every year and experience the greatness of the human spirit. You will be part of the world’s largest humanitarian network, working with a diverse and unified team. Your career will grow within a movement that values success measured by people helped, communities rebuilt, and lives transformed.
You’ll receive mentorship that empowers growth, competitive compensation and benefits, and a community that respects you both inside and outside of work.
Job Overview
As the Senior Principal, IT Governance, Risk and Compliance (GRC), you will design, implement, and monitor a comprehensive IT policy and control framework. You will support mission‑critical business systems and services on the Red Cross ServiceNow platform, ensuring compliance with NIST 800‑53, NIST 800‑171, and other best practices. Working closely with stakeholders, you will advise on assessment design, identify improvement opportunities, and lead remediation efforts as the first line of defense.
Key responsibilities include coordinating with Internal Audit and Business teams to maintain audit readiness, driving process improvement, and enhancing governance capabilities. The role is remote and available to candidates located anywhere in the United States, with a preference for East Coast hours.
Key Responsibilities
Coordinate with Internal and External auditors, business stakeholders, and suppliers on IT control assessments and audits.
Provide first‑level support and consulting on internal audit activities, including risk mitigation initiatives.
Manage overall remediation processes and oversee action plans to address findings.
Assist the Director of IT Governance, Risk, and Compliance with governance and audit readiness, policy development, and policy and standard coordination.
Leverage ServiceNow for daily governance, risk, control, and compliance functions.
Collaborate with technology and business leaders to strengthen the internal control framework through design, implementation, and testing.
Deliver guidance, training, and accountability to stakeholders.
Consult with Information Security, Legal, Supply Management, Risk Management, and Audit Services to strengthen controls.
Interpret regulatory compliance requirements and conduct gap analyses of policies and procedures in alignment with NIST, ISO, COBIT, FedRAMP, SOC 2, and ISO 27001.
Support SOC 1 and SOC 2 security trust criteria.
Research and review regulatory bulletins to maintain high‑quality service standards.
Maintain program processes and procedures using ServiceNow.
Participate in ongoing evaluations of IT control effectiveness and internal business processes via ServiceNow and other tools.
Document, track, and report control gaps, risks, and recommendations to management.
Lead the Exception and Risk Acceptance Process for control gaps and audit findings.
Support and coordinate the implementation of IT policies and standards with the President’s Office.
Analyze policies, standards, and procedures for regulatory compliance and recommend improvements.
Required Minimum Qualifications
Bachelor’s degree in a related field (IT, audit, information security) or closely related discipline.
Minimum 10 years of related experience or equivalent combination of education and experience.
3-5 years in Governance, Risk, and Compliance roles with hands‑on ServiceNow GRC experience.
Experience with ServiceNow Integrated Risk Management.
Knowledge of control frameworks and security controls such as NIST, ISO, COBIT, FedRAMP, SOC 2, ISO 27001.
Strong organizational, communication, and project management skills.
Experience drafting, remediating, or editing IT policies, standards, procedures, and controls.
Experience working cross‑functionally with engineers, product, and security teams.
Experience coordinating with internal and/or external audit teams.
Ability to communicate key controls in a digestible way to technologists, control owners, and senior leaders.
Strong written and oral communication skills using tools such as MS Excel and ServiceNow.
Solid analytical and problem‑solving skills in process review and issue remediation.
Open‑mindedness, creative thinking, and willingness to take calculated risks.
Certifications such as CISA, CISSP, CISM, and CRISC are a plus.
Pay Information
The annual salary range for this position is $110,000 - $140,000. No annual bonus is offered for this role. Salary may vary based on geographic location, skills, and experience.
Benefits
Medical, Dental, and Vision plans
Health Spending Accounts & Flexible Spending Accounts
Paid Time Off starting at 15 days per year
11 paid holidays (6 core + 5 floating)
401(k) with up to 6% match
Paid Family Leave
Employee Assistance Program
Short‑Term & Long‑Term Disability and Insurance
Service Awards and Recognition
Equal Opportunity Employer
The American Red Cross is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected veteran status, age, or any other characteristic protected by law.
Qualified applicants with arrest or conviction records will be considered for employment in accordance with applicable Fair Chance Ordinances and laws.
The American Red Cross is an Employment Opportunities Network for National Service partner. Applicants may also explore volunteer positions at redcross.org/volunteertoday.