Brief Description
MDRC is a nonprofit, nonpartisan education and social policy research organization dedicated to improving the lives of individuals, families, and children with low incomes. We are committed to finding solutions to some of the most difficult social problems facing the nation—from reducing poverty and bolstering economic mobility to improving public education and college graduation rates. We design promising new interventions, evaluate existing programs using the highest research standards, and provide technical assistance to build better programs and deliver effective interventions at scale.
The Governance, Risk Management, and Compliance (GRC) Manager will be responsible for assessing, documenting, and maintaining stewardship of MDRC’s compliance and risk posture related to information technology assets. This position aims to provide highly skilled technical and information security expertise for developing and implementing MDRC’s information security risk management program. The GRC Manager will provide leadership and project management expertise to ensure adherence to corporate standards; perform ongoing risk assessment; increase staff awareness through training; develop policies, standards, and guidelines; and ensure that effective and continuous system-wide security analysis and monitoring are taking place.
Responsibilities:
- Lead the development and implementation of the corporate-wide IT risk management program to ensure information security risks are identified and continuously monitored.
- Assess, evaluate, and make recommendations to senior management regarding the adequacy of the security controls for MDRC's information and technology systems and associated business processes.
- Frequently interact with government agencies and internal and external stakeholders to provide evidence of MDRC's compliance with the risk management frameworks that it abides by.
- Develop and implement effective and reasonable policies, procedures, and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
- Execute strategy for dealing with increasing audits, compliance checks, and external assessment processes for internal/external auditors, such as NIST 800-53/FISMA/FedRAMP.
- Recruit, train, support, and retain talented IT GRC analysts.
Qualifications:
- A minimum of ten years of experience with IT support, operations, and team management.
- Bachelor’s degree in computer science, information technology, or other relevant field of study or equivalent experience. Master’s degree preferred.
- Extensive knowledge of information security risk frameworks and compliance practices, such as NIST 800-53.
- Knowledge of and experience working with AWS Cloud Engineering, Splunk, Okta, Qualys, CrowdStrike, Qualtrics, Acquia, Box, and other cyber security solutions.
- Demonstration of strong interpersonal, communication, and presentation skills, including formal report writing experience.
- Experience performing risk assessments and information security auditing processes.
Timing: Please see “What to expect from MDRC’s recruitment process” for more information.
Compensation and benefits: Salary range is $130K - $140K and will be commensurate with experience. Comprehensive benefits and relocation assistance offered. Some on-the-job training will be provided.
Location: The position is ideally based in MDRC’s New York or Washington, DC, offices.
Instructions: When submitting your application, please include:
Only candidates selected for further consideration will be contacted. Please note that all interviews (when scheduled) will be conducted via video conferencing.
MDRC is an Equal Opportunity/Affirmative Action employer. No qualified applicant, employee, intern, volunteer, or apprenticeship trainee will be discriminated against on the basis of his, her, or their race (including traits historically associated with race, including but not limited to hair texture and protective hairstyles), color, national origin (including physical, cultural or linguistic characteristics), marriage to or association with persons of a national origin group, tribal affiliation, membership in or association with an organization identified with or seeking to promote the interests of a national origin group, name that is associated with a national origin group, accent, language use, immigration status, citizenship, possession of a driver’s license issued to persons unable to prove their lawful presence in the United States, and other definitions under California or other states’ laws, ancestry, creed, religion, religious creed (including religious dress and grooming practices), age, citizenship, veteran and/or military status, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), sexual orientation, gender, gender identity (including transgender status), gender expression, gender transitioning or perceived gender transitioning, marital status or civil partnership/union status, physical or mental disability (actual or perceived), medical condition (including cancer and genetic characteristics), genetic information, protected medical leaves (requesting or being approved for leave under the Family and Medical Leave Act) or similar state family medical leave laws, domestic violence victim status, political affiliation, or any other basis prohibited by applicable federal, state or local law. Legal work authorization is required. To request a reasonable accommodation during any stage of MDRC’s employment process due to a disability, please contact HRQuestions@mdrc.org.
MDRC’s dedication to Diversity, Equity, and Inclusion exceeds compliance requirements. We believe that recruiting and retaining a diverse workforce of all backgrounds and perspectives improves the quality and relevance of our research, as well as the daily experiences of our staff. By fostering an equitable culture of inclusivity and belonging, we seek an environment in which staff feel welcomed, valued, and engaged in their work.