Associate Compliance Manager

The Opportunity

Huron is redefining what a global consulting organization can be. Advancing new ideas every day to build even stronger clients, individuals and communities. We’re helping our clients find new ways to drive growth, enhance business performance and sustain leadership in the markets they serve. And, we’re developing strategies and implementing solutions that enable the transformative change they need to own their future.
As a member of the Huron corporate team, you’ll help to evolve our business model to stay ahead of market forces, industry trends and client needs. Our accounting, finance, human resources, IT, legal, marketing and facilities management professionals work collaboratively to support Huron’s collective strategies and enable real transformation to produce sustainable business results.
Join our team and create your future

Position SummaryHuron Consulting Group’s Corporate Security and GRC team is tasked with managing and directing the global enterprise information security program. The team is responsible for the oversight and coordination of security efforts and Governance, Risk, and Compliance (GRC) across the company. Huron is looking to hire an Associate Manager - Compliance, that will work collaboratively within the Corporate Security GRC team, and with key stakeholders across the company including IT, HR, Legal, Finance, Procurement, and Business Units (BUs), including Consulting-Healthcare, Consulting-Education, and Digital.Qualifications

Description:

The IT GRC Associate Manager - Compliance provides oversight to verify compliance to business needs for IT related security and/or risk. This person is responsible for the assessment and communication of efforts needed to maintain an acceptable technology risk profile. The IT GRC Associate Manager - Compliance will remain current with industry trends and communicate requirements to both Corporate and Technology teams, they will assist in the strategy of emerging security technologies based on need, providing input on compliance needs for implementation of new strategies and resources. This position may lead projects and as such may coordinate activities across multiple teams to achieve desired results. 

The person in this role oversees the execution or implementation of Integrated Risk Module within the GRC Tool. Makes decisions based on functional and company objectives and allocated resources. This position will work collaboratively with all areas of IT at Huron Consulting Group. Frequently interacts with subordinates, customers, and/or functional peer group members, normally involving matters between functional areas, other company groups or units, or customers and the company. This position contributes to measurable team and organization objectives. This candidate must be comfortable working on multiple initiatives and actively engaging with different teams

Key Responsibilities:

• GRC tool Subject Matter Expert, provide input on GRC tool short- and long-term strategic roadmap
• Lead team to coordinate internal and external resources to perform audits, regulatory compliance and penetration testing of Huron systems security, and selection and execution of Security Awareness training exercises. Security audits may include, but are not limited to: ISO, SOX, HIPAA and GDPR compliance.
• IT Policy and Procedure creation and review
• Identification of Process Improvements to meet acceptable risk profile, communication and collaboration with appropriate teams to get initiatives prioritized and scheduled
• Review Disaster Recovery Plans and Test Results to verify meets Business Continuity Plan requirements 
• Coordinate Business Continuity Planning with corporate compliance office for testing
• Review contracts, SOWs, RFIs, RFPs, Engagement Letters, and Compliance Requests. Coordinate responses with appropriate technology teams
• Train and mentor other technology teams on industry trends and external clients as necessary
• Liaise with Internal Audit, External Audit, and the Office of General Counsel and Risk Management to remediate new and outstanding issues and track security-related issues

Qualifications:

• At least 3-4 years of enterprise experience with GRC tools such as ServiceNow, Archer or MetricStream in a support/administrative and / or developer/implementation role across an enterprise, including but not limited to:
  • Knowledge of GRC platform design, installation and control panel configuration based on customer requirements.
  • Analyze and investigate problems reported by customers, document the results and root cause analysis, and design and implement a resolution.
  • Experience in various enterprise functions, including audit, risk, policy, compliance management, business continuity, operational risk, incident management, vendor risk, asset management, and/or security operations.
  • Customize and configure GRC tools to align with the Huron’s specific needs and compliance requirements.
  • Create and build data flow and other process documentation to align with the requirements.
• Industry knowledge of security issues and trends.
• Industry knowledge of data protection methods including, but not limited to, data encryption and defense in depth.
• Exceptional communication skills including the ability to communicate effectively with people at all levels in the organization, including senior leadership throughout the organization and to communicate to technical and non-technical people.
• Strong project management skills desired.
• Process oriented and a person with strong analytical skills
• Highly self-reliant, motivated and able to take ownership of tasks through completion
• Excellent organizational skills to prioritize and manage multiple tasks
• Ability to lead a team to complete multiple projects simultaneously
• Must be able flexible with work hours and be able to work and coordinate with teams during US business hours

Experience:

• 6+ years experience in Information Security or a related field
• 6+ years experience in a technology related role
• Experience in IT Infrastructure a plus

Education:

• Bachelor’s or Master’s degree in technology, engineering, or business studies with information security major/ minor along with deep interest in technology risk, security and IT governance.
• Demonstrated progression in continuing education and/or relevant technical certifications a plus, for example: CISA, CISM, CISSP, ISO 27001 Certified Internal Auditor, SANS Institute GCIA, GCFW or GCIH.

Skills:

• ServiceNow Certified Implementation Specialist (any one or more areas e.g. Risk and Compliance, ITSM, HRSD, CSM etc.)
• Professional certification in Information Security, Risk Management or Audit such as CISM, CRISC, CISSP, HCISPP or Security +, CISA, Certified ISO 27001: 2022 Lead Auditor and PMP is a plus. 
• Proficient with Microsoft Office Suite  

Posting CategoryCorporateOpportunity TypeRegularCountryIndia