Posted 1 week ago
Governance, Risk & Compliance (GRC) Manager
New York City, United States (On-site)
Responsibilities
- Design and implement governance frameworks, including reporting, policy governance, and control oversight
- Build and lead a governance committee structure that provides appropriate oversight and decision-making
- Create governance dashboards and metrics to provide visibility into program maturity and effectiveness
- Develop and operate a comprehensive Enterprise Risk Management (ERM) program
- Conduct regular enterprise-wide risk assessments and maintain a dynamic risk register
- Build and maintain business continuity and disaster recovery programs, including regular testing and tabletop exercises
- Implement third-party risk management processes, including vendor risk assessments, contract reviews, and ongoing monitoring
- Create risk treatment plans and track remediation activities across the organization
- Facilitate risk-informed decision-making at all levels of the organization
- Coordinate with functional leaders to ensure risks across all business areas are identified and managed appropriately
Compliance
- Own audit and certification programs including SOC 2, ISO 27001, HIPAA, and other relevant standards
- Develop and maintain compliance monitoring programs to track regulatory changes and work with the legal team to assess impact
- Monitor and ensure adherence to industry-specific regulatory
- Manage security awareness training programs enterprise-wide
- Conduct internal audits and assessments to validate control effectiveness
- Coordinate external audits and assessments with third-party auditors
Business Enablement
- Support sales and customer success teams with compliance documentation and security inquiries
- Develop customer-facing materials that articulate Sigma's risk management and compliance posture
- Complete and manage responses to customer security questionnaires and assessments (VSAs, SIGs, custom questionnaires)
- Enable efficient deal cycles by maintaining ready-to-use compliance artifacts, trust center content, and documentation
- Track record of successfully leading certification audits (SOC 2, ISO 27001, HIPAA, or similar)