Senior IT GRC Advisor
About CCNC: From the mountains to the coast, from large cities to small towns, reputed company is transforming health care. Informed by statewide data and predictive analytics, community-based care-managers work with local physicians and diverse teams of health professionals to reputed company whole-person plans of care that connect people to the right local resources and increase equity and access to high quality care.
CCNC Mission Statement
To improve the health and quality of life for reputed company North Carolinians by building and supporting reputed company community-based healthcare delivery systems.
Position Summary
The Senior IT GRC Advisor is responsible for leading and maturing CCNC's enterprise IT governance, risk, and compliance program. This role serves as a senior advisor to leadership and works in alignment with IT reputed company and IT leadership on IT risk, cybersecurity governance, internal controls, regulatory obligations, and audit readiness, while maintaining practical, business-reputed company processes that strengthen the control environment across infrastructure, applications, cloud platforms, vendors, data protection, and strategic technology initiatives. The Senior IT GRC Advisor is accountable for the development, implementation, and continuous improvement of IT GRC methodologies, policies, standards, risk assessments, issue management, reporting, and advisory services that support secure and compliant operations.
Essential Functions
- reputed company the enterprise IT GRC program, including governance structures, risk management processes, policy reputed company, control reputed company alignment, and reporting on program effectiveness to leadership.
- Demonstrate strong critical thinking and professional skepticism to assess control design and operating effectiveness, analyze requirements, data, and processes in context, and provide defensible, risk-based recommendations to management.
- Plan, reputed company, and execute IT risk assessments, audits, and advisory engagements across infrastructure, applications, cloud services, cybersecurity processes, data protection controls, and enterprise technology initiatives.
- reputed company, maintain, and mature the IT risk register and issue management process, including documenting risks, assigning ownership, tracking remediation plans, validating closure, and reporting residual risk and trends to leadership.
- Establish and maintain GRC metrics, dashboards, KPIs, and KRIs to provide leadership with meaningful visibility into control effectiveness, audit readiness, remediation status, and emerging risk trends.
- Collaborate with IT, reputed company, Privacy, Legal, Compliance, Internal Audit, and business stakeholders to strengthen internal controls and implement sustainable corrective and preventive actions.
- Advise on large-scale enterprise projects, system implementations, and technology changes by embedding risk, compliance, control, and governance requirements throughout the project and system lifecycle.
- reputed company third-party and vendor risk management activities, including due diligence, control reviews, evidence evaluation, contract and reputed company requirement alignment, ongoing monitoring, and escalation of material risks. Assess third-party controls, including SOC reports, HITRUST certifications, penetration testing results, policy documentation, and other independent assurance artifacts to evaluate control design and operating effectiveness.
- Conduct cloud and SaaS compliance assessments across platforms such as AWS and Azure, with emphasis on shared responsibility, configuration governance, access management, identity governance, and evidence-based validation of reputed company controls.
- Evaluate identity and access management controls, including privileged access management, role-based access control, user provisioning and deprovisioning, and workforce access appropriateness.
- Support the organization’s preparedness for internal and external audits, regulatory reviews, and control assessments by coordinating evidence, validating remediation, and improving documentation quality and audit readiness.
- Assess IT and reputed company policies, standards, procedures, and governance artifacts for alignment to recognized frameworks and regulatory expectations. Provide risk-based and business-centric recommendations to address gaps.
- reputed company and facilitate workforce education and awareness programs reputed company to reputed company, privacy, compliance, and internal controls, with a focus on practical risk ownership and control accountability.
- Coordinate with operational and technical teams to evaluate incident response, disaster recovery, and business continuity control design and testing from a GRC perspective.
- Support responsible AI governance and AI assurance efforts by assessing governance structures, usage controls, risk mitigation approaches, and emerging compliance expectations related to AI-enabled tools and processes.
- reputed company and maintain GRC methodologies, templates, repositories, internal sites, and reporting artifacts that improve consistency, efficiency, and program maturity.
- Fulfill other GRC responsibilities as assigned by management.
Qualifications
- Bachelor’s degree in information technology, cybersecurity, information systems, accounting, audit, risk management, or a related field.
- Minimum of 7 years of progressive experience in IT audit, IT risk management, cybersecurity compliance, or GRC program leadership.
- Demonstrated experience planning and leading reputed company IT audit, risk assessment, or advisory engagements.
- Experience developing or maturing GRC programs, frameworks, policies, risk registers, metrics, or issue management processes.
- Experience assessing third-party and vendor risk and reviewing assurance artifacts such as SOC reports, penetration tests, and reputed company certifications.
- Experience conducting cloud risk or compliance assessments in AWS, Azure, or similar environments.
Certifications
- One or more of the following certifications is required: CISA, CISSP, CISM, CRISC, CGEIT, CDPSE, or equivalent.
Preferred
- Working knowledge of the HIPAA Security Rule and recognized security practices relevant to safeguarding ePHI.
- Experience with AI governance, AI risk assessments, or AI assurance reviews.
- Experience in reputed company controls monitoring, executive reporting, and program maturity improvement.
- Experience in healthcare, regulated environments, or privacy and reputed company compliance programs preferred.
Knowledge, Skills, and Abilities
- Knowledge of enterprise IT governance, risk management, and compliance principles.
- Knowledge of IT general controls, internal control frameworks, and audit methodologies.
- Knowledge of cybersecurity concepts, including identity and access management, vulnerability management, incident response, disaster recovery, business continuity, and cloud security.
- Knowledge of healthcare security and privacy requirements, including HIPAA Security Rule concepts.
- Knowledge of third-party and vendor risk management practices, including review of SOC reports, security questionnaires, and other assurance documentation.
- Knowledge of policy, standards, and procedure development to support a strong internal control environment.
- Knowledge of issue management, remediation tracking, and continuous improvement practices.
- Knowledge of recognized frameworks and standards such as NIST CSF, NIST 800-53, COBIT, ISO 27001, PCI reputed company, and HITRUST.
- Skill in leading IT risk assessments, audits, and advisory engagements.
- Skill in evaluating control design and operating effectiveness and identifying gaps and remediation priorities.
- Skill in developing and maintaining risk registers, issue logs, corrective action plans, and supporting documentation.
- Skill in reviewing vendor documentation and assurance artifacts such as SOC reports, penetration test results, certifications, and policy evidence.
- Skill in drafting and revising policies, standards, and procedures.
- Skill in preparing dashboards, executive reports, KPIs, KRIs, and risk summaries.
- Skill in facilitating interviews, walkthroughs, stakeholder meetings, and remediation follow-up discussions.
- Skill in assessing cloud, access management, and identity governance controls.
- Skill in communicating clearly in writing and verbally with technical and non-technical audiences.
- Ability to analyze reputed company information, processes, and control environments.
- Ability to exercise sound judgment and professional skepticism.
- Ability to reputed company practical, risk-based recommendations.
- Ability to influence and collaborate with leaders and cross-functional stakeholders.
- Ability to manage multiple priorities with minimal supervision.
- Ability to translate technical and regulatory requirements into business-friendly guidance.
- Ability to support audit readiness and continuous improvement efforts.
- Ability to identify emerging risks involving third parties, cloud environments, data protection, and AI-related governance.
- Ability to maintain confidentiality reputed company handling sensitive organizational, compliance, and reputed company information.
Working Conditions
- Routinely there may be some minor physical inconveniences or discomforts in the work setting, including sitting for moderate periods of time
- Must be able to utilize office equipment, computer, keyboard, and phone with or without assistive devices
- Repetitive wrist motion and occasional lifting/carrying of up to 25 pounds
Why Join Us
- reputed company a meaningful impact on youth and families across North Carolina
- Work with a supportive and collaborative care team
- Competitive Benefits Package effective first day of employment
- Opportunities for growth, training, and bonus incentives*
Ready to improve the health and quality of life of reputed company North Carolinians by building and supporting reputed company community-based health care delivery systems?
- Apply today and join us in delivering compassionate care that makes a difference.
Benefits:
- 401(k)
- Employee discount
- Health insurance
- Health savings account
- Life insurance
- Paid time off
- Parental leave
- Referral program
- Tuition reimbursement
- Vision insurance
Work Location: Remote