Manager GRC

About Providence

Providence, one of the US's largest not-for-profit healthcare systems, is committed to high quality, compassionate healthcare for all. Driven by the belief that health is a human right and the vision, 'Health for a better world', Providence and its 121,000 caregivers strive to provide everyone access to affordable quality care and services.

Providence has a network of 51 hospitals, 1,000+ care clinics, senior services, supportive housing, and other health and educational services in the US.

Providence India is bringing to fruition the transformational shift of the healthcare ecosystem to Health 2.0. The India center will have focused efforts around healthcare technology and innovation, and play a vital role in driving digital transformation of health systems for improved patient outcomes and experiences, caregiver efficiency, and running the business of Providence at scale.

Why Us?

• Best In-class Benefits
• Inclusive Leadership
• Reimagining Healthcare
• Competitive Pay
• Supportive Reporting Relation

The responsibilities and expectations for a professional specializing in security architecture and risk management within regulated environments. Key duties include conducting comprehensive risk assessments, developing and maintaining security frameworks, managing third-party risks, collaborating with cross-functional teams, and ensuring compliance with industry standards such as HIPAA, ISO, and NIST. The role involves continuous monitoring, reporting to senior management, and driving improvements in security posture. Candidates should demonstrate strong communication skills, expertise in regulatory compliance, and experience in vendor security assessments and risk management practices.

What will you be responsible for?

• Conduct comprehensive security risk assessments for new and existing systems, applications, and network infrastructure.
• Develop, implement, and maintain security frameworks, standards, and best practices across the organization.
• Oversee third-party risk management (TPRM), including due diligence, assessment, and continuous monitoring of vendor security posture.
• Collaborate with IT, engineering, and business teams to identify and mitigate security risks in design and deployment.
• Perform Security Architecture reviews, risk assessments and gap analysis on critical assets and business processes.
• Advise stakeholders on security solutions and controls, ensuring alignment with regulatory and industry standards (e.g., HIPAA, Hi-Trust, ISO, NIST, GDPR).
• Respond to emerging threats and vulnerabilities by recommending and implementing proactive security measures.
• Prepare and deliver clear reports on architectural and risk findings to senior management. Support compliance initiatives and internal or external audits related to security and risk management.
• Drive continuous improvement in security architecture, risk practices, and awareness throughout the organization.
• Participate in special projects and other duties as assigned, driving ongoing improvement in security posture, risk management, and protection of sensitive information.

What would your work week be like?

• Manage TPRM Analysts
• Conduct risk assessments and manage third-party vendor reviews or renewals.
• Host and participate in meetings with engineering, compliance, and business teams to discuss security requirements and remediation plans.
• Review and evaluate architecture diagrams and technical designs for ongoing and upcoming projects.
• Monitor security controls, metrics, incident reports, and issues to identify and respond to risks or weaknesses.
• Prepare documentation, executive summaries, and presentations for decision makers and stakeholders.

Who are we looking for?

• A professional with strong experience in both security architecture and risk management, ideally in complex or regulated environments.
• Proven ability to communicate technical concepts and security risks to both technical and non-technical audiences.
• Experience conducting third-party risk assessments and managing vendor relationships.
• Expertise in industry standards, regulatory compliance, and security frameworks (such as HIPAA, HI-Trust, ISO 27001, NIST 800-53, SOC2).

• A proactive problem-solver with excellent analytical, organizational, and stakeholder management skills.

• Basic knowledge of AI technologies such as Generative AI, Artificial Neural Networks (ANN), Convolutional Neural Networks (CNN), and AI security

Key words: Security Architect, Risk Assessment, Risk Management, Vendor Security Assessment, Product Security Assessment, TPRM, Third Party Risk Management, AI Security,

Providence's vision to create 'Health for a Better World' aids us to provide a fair and equitable workplace for all in our employment, whether temporary, part-time or full time, and to promote individuality and diversity of thought and background, and acknowledge its role in the organization's success. This makes us committed towards equal employment opportunities, regardless of race, religion or belief, color, ancestry, disability, marital status, gender, sexual orientation, age, nationality, ethnic origin, pregnancy, or related needs, mental or sensory disability, HIV Status, or any other category protected by applicable law. In furtherance to our mission in building a more inclusive and equitable environment, we shall, from time to time, undertake programs to assist, uplift and empower underrepresented groups including but not limited to Women, PWD (Persons with Disabilities), LGTBQ+ (Lesbian, Gay, Transgender, Bisexual or Queer), Veterans and others. We strive to address all forms of discrimination or harassment and provide a safe and confidential process to report any misconduct.

Contact our Integrity hotline also, read our Code of Conduct.