Governance, Risk & Compliance (GRC) Lead – Information Security & Risk
At iCareManager (iCM), we build cloud‑based software that empowers care teams serving individuals in long‑term care, IDD, and case management programs. As we expand our technology and operations, maintaining the highest standards of data security and compliance is a top priority.
Role Overview
The GRC Lead will develop, implement, and maintain iCareManager’s governance, risk, and compliance framework. The role ensures continued compliance with SOC 2 Type 2, HIPAA, and other regulatory and security frameworks, while driving consistent, measurable processes across departments.
This position connects three key areas of iCM’s security model:
GRC & Compliance Oversight (this role)
Internal IT Security Operations
External Managed Detection and Response (MDR) Partner
While this is not a hands‑on technical role, it requires a strong understanding of IT and security controls to ensure governance, documentation, and accountability are in place.
Key Responsibilities
Lead and sustain SOC 2 Type 2 certification, ensuring alignment with Trust Services Criteria.
Administer and manage the Vanta compliance automation platform: track controls, evidence, and remediation.
Translate company policies into department‑level procedures and monitor compliance activities.
Conduct quarterly and annual risk assessments; maintain the Risk Register with mitigation tracking.
Serve as liaison between IT Security and MDR provider to ensure continuous monitoring and evidence collection for audits.
Coordinate external audits and ensure timely collection of compliance documentation and evidence.
Maintain a compliance calendar covering monthly policy checks, quarterly internal audits, and annual risk assessments.
Track and report control status, incidents, and audit findings to closure with department heads.
Drive company‑wide security and compliance awareness training.
Promote a culture of proactive compliance, governance, and continuous improvement.
Requirements
Required Qualifications
Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or related field.
5–7 years of combined experience in IT Security, Compliance, Governance, or Risk Management.
Practical knowledge of frameworks such as SOC 2, HIPAA, ISO 27001, and NIST.
Experience performing internal audits, risk assessments, and control implementation.
Familiarity with compliance automation platforms (Vanta preferred).
Excellent communication and documentation skills; able to bridge technical and non‑technical teams.
Preferred Certifications
One or more of: CISM, CISSP, CRISC, CISA, or ISO 27001 Lead Implementer / Auditor.
Experience in SaaS, cloud environments (AWS or Azure), and vendor risk management.
Growth Path
This is a high‑visibility role with strong career advancement opportunities. As iCareManager continues to scale its governance and operational maturity, the GRC Lead will play a pivotal role, with potential growth into positions such as Director of Security Governance, Head of GRC, or Operations Director overseeing broader enterprise functions.
Compliance Risk Lead • Lahore, Pakistan