IT Risk Manager

This is an excellent opportunity for an IT Risk Manager to join our rapidly growing team, and to support our company in driving the continuous improvement of its privacy, security, engineering and AI programs and related control frameworks. The IT Risk Manager reports to the SVP of Data Compliance and Privacy , and is expected to work across multiple business functional teams such as Information Security, Data Privacy, Software Engineering, Legal, Compliance and HR to ensure our company is effectively adhering to industry standard frameworks and best practices, legal and contractual requirements, and in-house policies.

Job Summary:

The role ensures successful and consistent assessment and delivery of security, privacy and IT risk-related compliance program activities, policies, and procedures, and serves to advise and give guidance to the business on how to align with the compliance requirements we are subject to. Particular focus areas will include developing policies and procedures to reflect evolving industry standards, and being involved in day-to-day management and maintenance of privacy and security certifications (HITRUST, NIST, ISO27001, etc.) while ensuring related processes are as lightweight and streamlined as possible, minimizing red tape and simplifying where possible. The role will also have responsibility for performing third party risk management (due diligence of prospective service providers), responding to client requests for information (RFIs) regarding our own privacy and security posture, and supporting the SVP of Information Security and the SVP of Data Compliance and Privacy in the performance of audits to identify and mitigate privacy and security risks as they emerge.

In addition to this, the role may be expected to perform ad-hoc audits or reviews of business processes as requested by senior leadership, and help set the direction across a broad spectrum of emerging technology risks (e.g. AI governance, open source software licensing, deployment of Governance, Risk and Compliance tools, etc.).

To be successful in this role, you will have proven ability in internal and/or external IT risk or audit functions related to information security and privacy, as well as a track record of promoting awareness, understanding, and practical application of privacy and security policies and principles across organizational boundaries, performing audits and assessments, and providing guidance to enable operational alignment with the requirements of security and privacy frameworks and regulations. Any prior knowledge or experience in performing AI governance audits or risk assessments, software development lifecycle audits, or experience performing contract reviews for vendors, clients or open source software licenses would also be a plus.

You will have an in-depth knowledge of one or more security and privacy industry standards and compliance-related frameworks (for example HITRUST, ISO27001, NIST, SOX, GDPR, HIPAA, FedRamp, etc.). Familiarity with the healthcare or medical device industries and the nature of their data processing activities would be a significant plus, as would experience with implementing or managing audit programs or key domains within them. Proven experience in third party risk management or client-facing roles supporting client due diligence efforts would also be advantageous.

This is a hybrid working role.

 Duties and Responsibilities

• Support the SVP Data Compliance and Privacy and SVP of Information Security in continual assessment and enhancement of the company's security and privacy control framework and policies, identifying areas of risk or non-compliance and supporting in mitigation and/or remediation.
• Conduct formally documented audits of Information Security and Data Protection related domains, summarizing findings and risks, and working with leadership to communicate and implement remediation plans in areas such as Access Control, Change Management, Incident Response, Software Development, Third Party Risk Management, Business Continuity, AI Governance, etc.
• Support Legal, Compliance, Information Security, and the wider business in performing due diligence and contracting with new third parties. This will involve assessing third party vendors’ privacy and security controls and standards, and coordinating across the business to communicate and remediate risks associated with new third party relationships.
• Support in other compliance audit activities, for example responding to customer requests regarding our security program, or working closely with the DPO to document personal data processing activities as part of our GDPR and HIPAA compliance programs, or our AI governance program.
• Act as a point of contact with internal teams to promote awareness and understanding of privacy and security regulatory and control requirements, as well as related company policies and procedures.
• Other duties as assigned by Legal, Privacy, Compliance, Information Security or related leadership.

 Requirements

• Minimum 3 years of experience in performing privacy and security audits against established control frameworks.
• Minimum 3 years of experience in creating or enhancing privacy and security control frameworks, policies, and procedures.
• Strong familiarity with computer security systems/critical security controls and related industry standards for privacy and security, such as HITRUST, ISO27 series, NIST, SOX or SOC2 requirements and their implementation.
• Some familiarity with data privacy and AI laws such as GDPR, HIPAA, US state privacy laws, or the EU AI Act would be a plus.
• Experience in third party risk management or client-facing security, privacy, or audit advisory roles.
• Ability to handle confidential information.
• Ethical, with the ability to remain tactful, impartial and escalate all instances of noncompliance through established reporting channels.
• Organizational skills with attention to detail.

 Additional Skills/Certifications (preferred)

• Security or IT Audit certifications such as CISSP, CIPM, CISA, or CRISC.
• Privacy certifications such as CIPP/US, CIPP/E, CIPM, CIPT, or AIGP.
• Educational or professional background in Information Management, Security, Computer Science, IT Audit, or similar.

 The base salary range for this role is €70.000 - €85.000.

Benefits: 

Alongside base salary we offer a range of benefits including: 

• Health insurance and an Employee Assistance Programme 
• Pension
• LetsGetChecked has a flexible annual leave policy
• Annual Compensation Reviews
• 3 paid volunteer days per year
• Free monthly LetsGetChecked tests as we are not only focused on the well being of our patients but also the well being of our teams
• A referral bonus programme to reward you for helping us hire the best talent
• Internal Opportunities and Careers Clinics to help you progress your career within the company
• Maternity, Paternity, Parental and Wedding leave