Position Description

The Governance, Risk, & Compliance (GRC) Manager at the United Network for Organ Sharing (UNOS) plays an integral role in strengthening our security posture. This position is pivotal in building out and continuously improving the GRC program, focusing on compliance management, risk assessment, cybersecurity strategy, & resilience.

The role requires collaboration with the Director and Assistant Director of Information Security, and across the entire organization, to cultivate robust third-party/vendor risk management. The person in this role will develop and evolve audit processes, member security, and training initiatives. The person in this role will collaborate with the Member Security Program Manager to continue to build capabilities for data use and system interconnection agreement management.

Key Responsibilities:

• Lead the development and implementation of GRC strategies, ensuring alignment with industry standards and organizational goals.
• Develop and oversee third-party/vendor security risk assessments, ensuring vendors comply with company and industry security standards.
• Develop internal audit capabilities and manage external audit processes, including preparation, execution, and follow-up actions.
• Maintain Interconnection Security Agreements (ISAs) and Data Use Agreements (DUAs) to ensure secure data sharing practices.
• Work with the Member Security Program Manager to enhance the Member Security program, focusing on attestations, audits, and efficient incident management.
• Build on the existing culture of security mindfulness across the organization by evolving cybersecurity awareness and training programs.
• Ensure compliance with legal, regulatory, and policy requirements in the information security domain.
• Collaborate in the continuous improvement of Information Security across the organization in alignment with NIST guidelines (NIST SP 800-37, NIST SP 800-39, NIST SP 800-53, NIST SP 800-53A, NIST SP 800-137, NIST 800-171) and applicable industry best practices.
• Provide leadership in incident response planning and execution, minimizing impact and ensuring swift recovery.
• Facilitate cross-functional communication to integrate security best practices in various business processes.
• Mentor and lead a team of security professionals, fostering a collaborative and productive work environment.
• Stay abreast of emerging cybersecurity trends, threats, and technologies to inform strategic planning and risk mitigation efforts.

Minimum Requirements

8 years of experience in Information Security, with a focus on Governance, Risk, and Compliance

Critical Skills

• Proven leadership experience in managing teams and cross-functional projects.
• Strong understanding of NIST frameworks, particularly NIST SP 800-37, NIST SP 800-39, NIST SP 800-53, NIST SP 800-53A, NIST SP 800-137, and NIST 800-171.
• Prior experience in managing compliance with legal, regulatory, and policy requirements in information security.
• Familiarity or direct experience with DevSecOps and Zero Trust preferred.

Additional Skills & Qualifications

• Exceptional leadership and team management abilities.
• Excellent communication and people skills, capable of engaging effectively with various stakeholders and articulating risks to non-technical stakeholders.
• Ability to negotiate and influence decision-making processes.
• Strong organizational and project management skills.
• Demonstrated ability to think strategically and execute tactically.
• Robust problem-solving skills with a focus on innovative and efficient solutions.
• Proficiency in risk assessment methodologies and cybersecurity best practices.
• Keen attention to detail and commitment to high-quality standards.

Education

4-year degree in Business Administration, Finance, Accounting, Law, Information Technology, or related field of study, or a related industry credential (e.g., CRISC, CCEP, CISA, CIA, CISM) along with an equivalent level of professional work experience

Physical Requirements

General office demands

UNOS provide equal employment opportunity for all applicants and employees. It will not unlawfully discriminate or permit harassment against any employee or applicant on the basis of race, ethnicity, color, religion, national origin, gender, age, disability, familial or marital status, military or veteran status, sexual orientation, gender identity and expression, genetic information, or any other characteristics or classification protected under applicable law ("protected categories"). This policy applies not only to hiring, but also to working conditions, benefits and privileges of employment, training, appointments for advancement, transfers, layoffs, recalls, terminations of employment and all other terms and conditions of employment.

UNOS is also an affirmative action employer. It takes affirmative action to recruit and provide opportunities for advancement to qualified females and minorities, individuals with disabilities, special disabled veterans and other protected veterans. It hires and promotes based on job-related requirements and individual qualifications. Action is taken to ensure the fulfillment of this policy as to all phases of the employment process including hiring, placement, training, upgrading, transfers and/or demotions, recruiting, layoffs and termination of employment.

UNOS invites individuals with disabilities and protected veterans to identify themselves, if they wish to do so. Such communication will be kept as confidential as possible and will be used only in accordance with the law. Candidates may contact the EEO/AA Officer at to self-identify or request an accommodation.

| | | | |