Job Description :
Hi,
Please go through the job description and let me know if you are interested in the same.
Please reply with your updated resume and expected compensation.
Feel free to contact me on for more information.

Title : GRC Architect (Governance/ Risk/ Compliance)
Location : Cincinnati, OH
PERM position or Full Time Role
Interview: 1st: phone 2nd: F2F/ SKYPE if at a distance

Description:
Client is seeking a GRC Architect (Governance/ Risk/ Compliance) for a PERM position in the Cincinnati, OH area.
The GRC Architect will lead the Information Security department in the development and ongoing governance, risk and compliance of new systems, applications and vendors by evaluating team compliance with company policies and standards, leading risk reviews of business partners and other vendors, and leading the department’s annual risk assessment.
You will also work with other team members to ensure the appropriate controls are being put in place for people, processes and technology to meet regulatory requirements.

The candidate must possess interpersonal skills with the aptitude to balance business and security requirements when collaborating with cross-functional work groups.
In addition, the candidate will be responsible for tracking and reporting compliance gaps and risks to closure.

Key responsibilities include:
Maintaining the Information Security Risk Program on a daily basis.
Coordinating and leading the company annual information security risk assessment to meet regulatory requirements including formulating appropriate risk ratings.
Coordinating and managing the 3rd party vendor security control assessments (cloud service providers, managed services, staff augmentation) to ensure compliance with contractual agreements.
Performing randomized audits of internally implemented systems and applications to ensure compliance with IT security policies and standards.
Tracking risk and gap findings and reporting to upper management for visibility and escalation.
Communicating risk treatment methodologies to the appropriate groups.
Participating in external regulatory audits with other team members to communicate current controls.
Reviewing new regulations on a periodic basis for security impact to the company.

Qualifications:
5+ years working in Information Technology with experience in applications or systems
3+ years working in risk assessments or risk management and/or controls audits
Working knowledge of security risk assessments and related frameworks (e.g. NIST, ISO, etc.)
Working knowledge of security frameworks or compliance standards, preferably in HIPAA/PCI
Working knowledge of vendor management
Excellent communication and written skills
CISSP, CISA, CISM or comparable certification desired
Desire to mature an existing practice