Sr Cybersecurity Risk Assurance GRC Manager

We are CONNECTING HEALTH AND WEALTH. Come be part of remarkable. 

How you can make a difference  

We are seeking a Sr. Risk Assurance GRC Manager to join our team. You will be part of a team working to identify, evaluate, and report on cybersecurity risks in a manner that meets HealthEquity's internal, regulatory, and client contract requirements. This role involves developing and implementing a comprehensive risk assurance program, focusing on standardizing processes, reducing audit fatigue, and ensuring compliance with various security and compliance frameworks. The ideal candidate will have experience in risk assurance at a public company, preferably in the healthcare or financial sectors, and possess strong knowledge of both on-prem and cloud technologies (e.g., Azure) security controls.

You will work closely with Security, Internal Audit, Enterprise Risk Management, external auditors, and all technology stakeholders across the company to perform security assessments and ensure timely execution of projects and programs while mitigating any security risks against applicable frameworks (e.g., HITRUST, FedRAMP, PCI, NIST CSF, SOX, SOC 1/2, HIPAA). 

What you’ll be doing

• Develop an understanding of HealthEquity business processes and systems to support the Security GRC team. Collaborate with various enterprise and other security teams to plan and support resolution of information security findings and continuous controls monitoring activities. 
• Support the roll out of a risk assurance program tailored to the organization's needs. 
• Standardize technology risk management processes to reduce audit fatigue and improve efficiency. 
• Identify and implement relevant automation opportunities to streamline control testing and reporting. 
• Engage in security and technology policy management, issues management, and risk exceptions monitoring. 
• Drive continuous improvement efforts by identifying opportunities for enhancing security governance, risk management, and compliance practices. 
• Manage identification and rollout of scalable innovative technologies to support security governance, including developing usage policies and guidelines, audit, and control processes. 
• Develop and implement security metrics and key performance indicators (KPIs) to measure the effectiveness of security controls, risk mitigation strategies, and compliance efforts.  
• Develop and integrate a comprehensive cloud security controls and governance process with existing GRC processes. 

What you will need to be successful

• Demonstrated expertise in Information Security Governance, Risk, and Compliance (GRC), IT Compliance, IT Audit, legal, or privacy, as normally obtained through approximately 10 years of professional experience, preferably in a technology-driven environment or a highly regulated industry.
• Proven experience in risk assurance, preferably in a public company.
• Strong understanding of risk management frameworks and compliance requirements.
• Experience with Azure and cloud-based security controls.
• Excellent communication and collaboration skills.
• Ability to adapt to change and manage multiple priorities

#LI-Remote

This is a remote position.

The compensation range describes the typical minimum or maximum base pay range for this position. The actual compensation offer is determined based on job-related knowledge, education, skills, experience, and work location. This position will be eligible for performance-based incentives as part of the total compensation package, in addition to a full range of benefits including:

• Medical, dental, and vision
• HSA contribution and match
• Dependent care FSA match
• Uncapped paid time off
• Adventure accounts
• Paid parental leave
• 401(k) match
• Personal and healthcare financial literacy programs
• Ongoing education & tuition assistance
• Gym and fitness reimbursement
• Wellness program incentives

Why work for HealthEquity 

HealthEquity has a vision that by 2030 we will make HSAs as wide-spread and popular as retirement accounts. We are passionate about providing a solution that allows American families to connect health and wealth. Join us and discover a work experience where the person is valued more than the position. Click here to learn more. 

Come be your authentic self

HealthEquity, Inc. is an equal opportunity employer that is committed to inclusion and diversity. We take affirmative action to ensure equal opportunity for all applicants without regard to race, age, color, religion, sex, sexual orientation, gender identity, national origin, status as a qualified individual with a disability, veteran status, or other legally protected characteristics. HealthEquity is a drug-free workplace. For more information about our EEO policy, or about HealthEquity’s applicant disability accommodation, drug-free-workplace, background check, and E-Verify policies, please visit our Careers page.

HealthEquity is committed to your privacy as an applicant for employment.  For information on our privacy policies and practices, please visit HealthEquity Privacy.