Ochsner Health

Cybersecurity GRC Manager

Ochsner Health, New Orleans, Louisiana, United States, 70112


GRC Manager

We are seeking an experienced and highly motivated GRC Manager to lead our Governance, Risk, and Compliance (GRC) function. Reporting directly to the Cybersecurity Director, the GRC Manager will oversee a team of GRC Engineers and be responsible for developing, maintaining, and optimizing the organization's information security risk management and compliance frameworks. This role is critical in ensuring regulatory compliance, managing third-party risk, and enabling secure business operations.

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable qualified individuals with disabilities to perform the essential duties. This job description is a summary of the primary duties and responsibilities of the job and position. It is not intended to be a comprehensive or all-inclusive listing of duties and responsibilities. Contents are subject to change at the company's discretion.

Key Responsibilities:

- Lead, mentor, and manage a team of GRC Engineers, fostering professional growth and alignment with organizational objectives.
- Develop and execute GRC strategies that align with enterprise cybersecurity goals and business priorities.
- Establish and monitor key performance indicators (KPIs) and metrics for the GRC function.
- Develop, maintain, and enforce cybersecurity policies, standards, and procedures in accordance with industry best practices and regulatory requirements (e.g., NIST, ISO 27001, SOC 2, PCI-DSS, HIPAA).
- Coordinate with internal stakeholders to ensure policy adherence across the organization.
- Own and operate the enterprise risk management process related to information security.
- Identify, assess, prioritize, and track remediation of cybersecurity risks.
- Facilitate risk assessments, control testing, and remediation plans.
- Ensure ongoing compliance with applicable regulations and frameworks.
- Prepare for and support internal and external audits, including gathering evidence and coordinating responses.
- Maintain documentation and audit logs in support of compliance efforts.
- Oversee third-party security reviews and risk assessments.
- Collaborate with procurement and legal to ensure vendors meet security and compliance requirements.
- Support security awareness training initiatives in partnership with internal communications and HR teams.
- Drive continuous improvement of compliance education across departments.

Qualifications:

- Bachelor's degree in Information Security, Computer Science, Business, or a related field (Master's preferred).
- 5-8+ years of experience in information security, with at least 2-3 years in a GRC leadership or management role.
- Experience managing teams and working cross-functionally with legal, IT, engineering, and business stakeholders.
- Combination of education and experience acceptable.
- CISSP, CISM, CRISC, CISA, or similar GRC-related certifications.
- In-depth understanding of security frameworks such as NIST CSF, ISO 27001, SOC 2, and regulatory requirements.
- Familiarity with GRC tools and platforms (e.g., Archer, ServiceNow GRC, LogicGate).
- Strong project management and communication skills.
- Ability to interpret technical and business needs and translate them into risk mitigation actions.

The above statements describe the general nature and level of work only. They are not an exhaustive list of all required responsibilities, duties, and skills. Other duties may be added, or this description amended at any time.

The GRC Manager remains knowledgeable on current federal, state, and local laws, accreditation standards, and regulatory agency requirements that apply to the assigned area of responsibility, and ensures compliance with all such laws, regulations, and standards.

This employer maintains and complies with its Compliance & Privacy Program and Standards of Conduct, including the immediate reporting of any known or suspected unethical or questionable behaviors or conduct; patient/employee safety, patient privacy, and/or other compliance-related concerns.

The employer is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status.