**We've made a lot of progress since opening the doors in 1942, but one thing has never changed - our commitment to serve, heal, lead, educate,** **and innovate. We believe** **that every award earned, every record broken and every patient helped is because of the dedicated employees who fill our hallways.** **At Ochsner, whether you work with patients** **every day** **or support those who do, you are making a difference and that matters. Come make a difference at Ochsner Health and discover your future today!** We are seeking an experienced and highly motivated GRC Manager to lead our Governance, Risk, and Compliance (GRC) function. Reporting directly to the Cybersecurity Director, the GRC Manager will oversee a team of GRC Engineers and be responsible for developing, maintaining, and optimizing the organization’s information security risk management and compliance frameworks. This role is critical in ensuring regulatory compliance, managing third-party risk, and enabling secure business operations. To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable qualified individuals with disabilities to perform the essential duties. This job description is a summary of the primary duties and responsibilities of the job and position. It is not intended to be a comprehensive or all-inclusive listing of duties and responsibilities. Contents are subject to change at the company’s discretion. **Key Responsibilities:** **Team Leadership & Strategy** Lead, mentor, and manage a team of GRC Engineers, fostering professional growth and alignment with organizational objectives. Develop and execute GRC strategies that align with enterprise cybersecurity goals and business priorities. Establish and monitor key performance indicators (KPIs) and metrics for the GRC function. **Governance & Policy Management** Develop, maintain, and enforce cybersecurity policies, standards, and procedures in accordance with industry best practices and regulatory requirements (e.g., NIST, ISO 27001, SOC 2, PCI-DSS, HIPAA). Coordinate with internal stakeholders to ensure policy adherence across the organization. **Risk Management** Own and operate the enterprise risk management process related to information security. Identify, assess, prioritize, and track remediation of cybersecurity risks. Facilitate risk assessments, control testing, and remediation plans. **Compliance & Audit Support** Ensure ongoing compliance with applicable regulations and frameworks. Prepare for and support internal and external audits, including gathering evidence and coordinating responses. Maintain documentation and audit logs in support of compliance efforts. **Third-Party Risk Management** Oversee third-party security reviews and risk assessments. Collaborate with procurement and legal to ensure vendors meet security and compliance requirements. **Training & Awareness** Support security awareness training initiatives in partnership with internal communications and HR teams. Drive continuous improvement of compliance education across departments. **Qualifications:** **Education & Experience:** Bachelor’s degree in information security, Computer Science, Business, or a related field (Master’s preferred). 5–8+ years of experience in information security, with at least 2–3 years in a GRC leadership or management role. Experience managing teams and working cross-functionally with legal, IT, engineering, and business stakeholders. Combination of education and experience acceptable. **Certifications (Preferred):** CISSP, CISM, CRISC, CISA, or similar GRC-related certifications. **Skills & Knowledge:** In-depth understanding of security frameworks such as NIST CSF, ISO 27001, SOC 2, and regulatory requirements. Familiarity with GRC tools and platforms (e.g., Archer, ServiceNow GRC, LogicGate). Strong project management and communication skills. Ability to interpret technical and business needs and translate them into risk mitigation actions. The above statements describe the general nature and level of work only. They are not an exhaustive list of all required responsibilities, duties, and skills. Other duties may be added, or this description amended at any time. Remains knowledgeable on current federal, state and local laws, accreditation standards or regulatory agency requirements that apply to the assigned area of responsibility and ensures compliance with all such laws, regulations and standards. This employer maintains and complies with its Compliance & Privacy Program and Standards of Conduct, including the immediate reporting of any known or suspected unethical or questionable behaviors or conduct; patient/employee safety, patient privacy, and/or other compliance-related concerns. The employer is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status. **Physical and Environmental Demands:** The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Medium Work - Exerting 20 to 50 pounds of force occasionally, and/or 10 to 25 pounds of force frequently, and/or greater than negligible up to 10 pounds of force constantly to move objects. (Constantly: activity or condition exists 2/3 or more of the time) to move objects. Physical demand requirements are in excess of those for Sedentary Work. Even though the weight lifted may be only a negligible amount, a job should be rated Light Work: (1) when it requires walking or standing to a significant degree; or (2) when it requires sitting most of the time but entails pushing and/or pulling of arm or leg controls; and/or (3) when the job requires working at a production rate pace entailing the constant pushing and/or pulling of materials even though the weight of those materials is negligible. NOTE: The constant stress and strain of maintaining a production rate pace, especially in an industrial setting, can be and is physically demanding of a worker even though the amount of force exerted is negligible. Normal routine involves no exposure to blood, body fluid or tissue and as part of their employment, incumbents are not called upon to perform or assist in emergency care or first aid. The incumbent has no occupational risk for exposure to communicable diseases. Because the incumbent works within a healthcare setting, there may be occupational risk for exposure to hazardous medications or hazardous waste within the environment through receipt, transport, storage, preparation, dispensing, administration, cleaning and/or disposal of contaminated waste. The risk level of exposure may increase depending on the essential job duties of the role. **Are you ready to make a difference? Apply Today!** **_Ochsner Health does not consider an individual an applicant until they have formally applied to the open position on this careers website._** _Individuals who reside in and will work from the following areas are not eligible for remote work position_ _: Colorado, California, Hawaii, Illinois, Maryland, Minnesota, New Jersey, New York, Vermont, Washington,_ _and Washington D.C._ **_Ochsner Health endeavors to make our site accessible to all users. If you would like to contact us regarding the accessibility of our website, or if you need an accommodation to complete the application process, please contact our HR Employee Solution Center at 504-842-4748 (select option 1) or_** **_careers@ochsner.org_** **_. This contact information is for accommodation requests only and cannot be used to inquire about the status of applications._** Ochsner is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to any legally protected class, including protected veterans and individuals with disabilities.