Manager, Cybersecurity Governance & Risk
Company: Vibrant Emotional Health
Location: New York
Posted on: November 20, 2023
Position Title: Manager, Cybersecurity Governance & Risk
Salary Range: $104,000 - $120,000
Department: Information Technology
Reports to: Director of Cybersecurity
Schedule: M-F, 9-5 EST
Formerly the Mental Health Association of New York City (MHA-NYC),
Vibrant Emotional Health's groundbreaking solutions have delivered
high quality services and support, when, where and how people need
it for over 50 years. Through our state-of-the-art
technology-enabled services, community wellness programs, and
advocacy and education work, we are building a society in which
emotional wellness can be a reality for everyone.
The Manager of Governance and Risk is responsible for overseeing
and managing the information technology governance, risk
management, and compliance functions within Vibrant Technology. The
Manager of Governance and Risk develops and implements policies,
procedures, and controls to ensure the IT infrastructure and
processes are aligned with industry best practices and regulatory
requirements. In addition, the Manager will collaborate with
cross-functional teams, including IT, security, legal, and
organization stakeholders, to establish a robust governance
framework and manage risks effectively.
- Develop and maintain IT governance frameworks, standards, and
policies and collaborate with senior leadership to establish and
enforce IT governance practices.
- Monitor and ensure compliance with IT policies and guidelines
throughout the organization.
- Implement IT governance metrics and reporting mechanisms to
evaluate the effectiveness of governance initiatives.
- Conduct IT risk assessments to identify and prioritize
potential threats and vulnerabilities to develop risk mitigation
strategies and action plans in alignment with business
- Monitor and assess IT risks on an ongoing basis and make
recommendations for risk reduction.
- Lead incident response and disaster recovery efforts in the
event of a security breach or IT-related incident.
- Stay abreast of relevant laws, regulations, and industry
standards related to IT and data security.
- Establish and manage compliance programs to ensure adherence to
applicable regulations (e.g., GDPR, HIPAA, HITRUST).
- Coordinate with internal and external auditors to facilitate IT
audits and compliance assessments.
- Implement corrective actions and improvements based on audit
findings and recommendations.
- Evaluate third-party vendors' security and compliance practices
to minimize potential risks, establish vendor risk assessment
processes and monitor vendor compliance with contractual
obligations to ensure that vendors meet the organization's security
and data protection requirements.
- Conduct IT security and compliance training for employees to
promote a culture of security awareness.
- Develop and distribute educational materials on IT best
practices, policies, and procedures.
- Provide regular updates and reports to senior management on IT
governance, risk, and compliance status and communicate IT security
and compliance matters to non-technical stakeholders in a clear and
- Contribute to and/or lead other department specific and
Knowledge & Experience
- Demonstrated expertise in governance, risk, and compliance
management methodologies, frameworks, and best practices.
Proficient in assessing, developing, and implementing GRC
strategies to address organizational risks and ensure compliance
with relevant regulations and standards.
- Ability to conduct comprehensive risk assessments across
various business functions and IT systems. Skilled in identifying
potential risks and vulnerabilities and developing effective risk
mitigation plans and controls.
- Solid understanding of relevant laws, regulations, and security
risk management frameworks (e.g., ISO 27001, NIST Cybersecurity
- Proficient in designing and implementing internal controls to
protect assets, prevent fraud, and maintain data integrity.
Experienced in coordinating and facilitating internal and external
audits and addressing audit findings.
- Ability to develop and maintain clear, concise, and
comprehensive policies, procedures, and guidelines related to GRC.
Skilled in ensuring policies are accessible, understood, and
adhered to by stakeholders.
- Competent in developing and delivering GRC training and
awareness programs for employees and stakeholders. Capable of
fostering a culture of compliance and risk consciousness throughout
- Skilled in managing and responding to security incidents,
breaches, or compliance violations. Proficient in analyzing root
causes and implementing corrective actions to prevent future
- Knowledgeable in evaluating and managing risks associated with
third-party vendors and partners. Capable of conducting due
diligence and ensuring contractual obligations address potential
- Strong project management and leadership skills.
- Excellent communication and interpersonal skills, with the
ability to influence and collaborate across different
- Demonstrated ability to collaborate effectively with
- Analytical mindset with a focus on problem-solving and
Formal Education, Certification & Experience
- Bachelor's degree in business, risk management, information
technology, or equivalent professional experience. Master's degree
would be a plus.
- Relevant certifications such as HITRUST, CRISC, CISA, CISM, or
GRC-specific certifications are preferred.
- Minimum 5 years of experience in IT governance, risk
management, and compliance roles.
- 3-5 years' experience managing or leading a team
- Experience in conducting risk assessments and implementing risk
Excellent comprehensive benefits, including medical, dental,
vision, supplemental income insurance, pre-tax transit/parking,
pre-tax FSA for medical and dependent care, and 401K available. 4
weeks' vacation, plum benefits, etc.
Studies have shown that women and people of color are less likely
to apply for jobs unless they believe they are able to perform
every task in the job description. We are most interested in
finding the best candidate for the job, and that candidate may be
one who comes from a less traditional background. Vibrant will
consider any equivalent combination of knowledge, skills, education
and experience to meet minimum qualifications. If you are
interested in applying, we encourage you to think broadly about
your background and skill set for the role.
Vibrant Emotional Health is an equal opportunity employer.
Applicants are considered for positions without regard to veteran
status, uniformed service member status, race, creed, color,
religion, gender, gender identity, sex, sexual orientation,
citizenship status, national origin, marital status, age, physical
or mental disability, genetic information, caregiver status or any
other category protected by applicable federal, state or local
"Please be aware that fictitious job openings, consulting
engagements, solicitations, or employment offers may be circulated
on the Internet in an attempt to obtain privileged information, or
to induce you to pay a fee for services related to recruitment or
training. Vibrant does NOT charge any application, processing, or
training fee at any stage of the recruitment or hiring process. All
genuine job openings will be posted on our careers page and all
communications from the Vibrant recruiting team and/or hiring
managers will be from an @vibrant.org email address"