*Candidates must be local to the Washington D.C. metro area.
About Infinitive:
Infinitive is a Data and AI consultancy that enables global brands to deliver results through insights innovation, and efficiency. We possess deep industry and technology expertise to drive and sustain adoption of new capabilities. We match our people and personalities to our clients' culture while bringing the right mix of talent and skills to enable high return on investment.
Infinitive has been named "Best Small Firms to Work For" by Consultancy Magazine 6 times. Infinitive has also been named a Washington Post "Top Workplace", Washington Business Journal "Best Places to Work" and Virginia Business "best Places to Work."
About this Role:
Infinitive is looking for candidates who are accountable, passionate, assertive, proactive, open & honest, results oriented, and adaptable. We are seeking an experienced IT GRC (Governance, Risk, and Compliance) Manager to join our dynamic team. As an IT GRC Manager, you will play a critical role in assisting our clients in managing and mitigating information technology-related risks and ensuring compliance with relevant regulations and industry standards.
We are currently looking for an IT GRC Manager who will:
Provide expert guidance and support to clients in developing and implementing IT governance frameworks, policies, and procedures.
Conduct comprehensive risk assessments to identify potential vulnerabilities and gaps in IT systems, processes, and controls.
Collaborate with clients to develop risk mitigation strategies and action plans, ensuring alignment with industry best practices and regulatory requirements.
Assist in the design and implementation of effective IT controls and monitoring mechanisms to ensure compliance with internal policies and external regulations.
Conduct periodic audits and assessments of IT infrastructure, systems, and processes to evaluate compliance levels and identify areas for improvement.
Stay abreast of emerging industry trends, regulatory changes, and security threats to proactively assess their impact on clients' IT GRC programs.
Provide recommendations for remediation and improvement based on risk assessment findings and best practices.
Additionally, the ideal candidate has:
Conducted training and awareness sessions for clients' employees to enhance understanding and adherence to IT governance and compliance requirements.
Collaborated with cross-functional teams, including IT, legal, and compliance departments, to ensure effective integration of IT GRC initiatives.
Maintained accurate documentation, including risk assessment reports, control frameworks, policies, and procedures.
Required Qualifications:
Bachelor's degree in computer science, Information Technology, or a related field.
Minimum of 6 years of experience in IT GRC consulting or a similar role.
Experience working for a transformation or technology consulting firm.
Deep understanding of IT governance frameworks such as COBIT, ISO 27001, NIST Cybersecurity Framework, and other relevant standards.
Strong knowledge of risk assessment methodologies and tools, including vulnerability scanning, penetration testing, and threat modeling.
Familiarity with regulatory compliance requirements, such as GDPR, HIPAA, PCI DSS, or SOX.
Experience in conducting IT audits, control assessments, and developing remediation plans.
Excellent analytical and problem-solving skills, with the ability to identify and address risks effectively.
Strong communication and interpersonal skills to effectively interact with clients and stakeholders at all levels.
Ability to work independently and as part of a team, managing multiple projects simultaneously and meeting deadlines.
Desired Qualifications:
Professional certifications such as CISA (Certified Information Systems Auditor), CRISC (Certified in Risk and Information Systems Control), CISSP (Certified Information Systems Security Professional), or equivalent ISACA certifications are highly desirable.
Experience supporting financial services or insurance organizations is highly desired.
Applicants for employment in the U.S. must possess work authorization which does not require sponsorship by the employer for a visa.