Digile - Manager - Governance/Risk & Compliance

Description:

About the Role:

We are seeking a highly experienced Governance, Risk, and Compliance (GRC) Manager to lead our enterprise risk management and compliance initiatives across regulated industries.

The ideal candidate will have deep expertise in HITRUST CSF, ISO 27001:2022, SOC 2 Type II, NIST 800-53, and other high-trust frameworks relevant to Financial Services and Healthcare environments.

This individual will drive compliance strategy, manage risk assessments, support client audits, and ensure continuous alignment with evolving regulatory and industry standards.

Key Responsibilities:

- Develop, implement, and manage the GRC program aligned with HITRUST CSF, ISO 27001, SOC 2, and other frameworks.

- Lead risk assessments, control testing, and continuous monitoring across business units.

- Collaborate with IT, Security, Legal, and Operations teams to ensure compliance posture is maintained and documented.

- Manage preparation for external audits (HITRUST, SOC 2, ISO, PCI DSS, HIPAA, GLBA, etc.) and coordinate evidence collection.

- Design and maintain policies, standards, and procedures supporting data protection, access control, incident management, and third-party risk.

- Support compliance needs for Financial Services (GLBA, FFIEC, SOX) and Healthcare (HIPAA, HITRUST, HITECH) clients.

- Develop executive-level reporting for risk, compliance, and audit outcomes.

- Act as a trusted advisor to internal teams and clients on best practices in data security and compliance operations.

Required Qualifications:

- Bachelors degree in Information Security, Computer Science, or related field; Masters degree preferred.

- 7+ years of experience in GRC, Risk Management, or Compliance in regulated industries (Financial Services, Healthcare, or SaaS).

- Hands-on experience implementing or managing HITRUST CSF certification projects.

- Strong knowledge of ISO 27001:2022, SOC 2 Type II, NIST 800-53/171, HIPAA, GLBA, PCI DSS, and related frameworks.

- Familiarity with risk management platforms (e.g., Archer, ServiceNow GRC, OneTrust, or ZenGRC).

- Exceptional written and verbal communication skills with ability to interface with executive leadership and auditors.

- Proven record of cross-functional leadership and the ability to operationalize compliance frameworks in large, complex environments.

Preferred Certifications:

- HITRUST CCSFP / CHQP.

- CISM, CISSP, CISA, CRISC, or ISO 27001 Lead Implementer/Auditor.

- Additional certifications in Healthcare Compliance (HCISPP) or Financial Compliance (CRMA, CAMS) are a plus.