The GRC Leader is responsible for leading the company’s governance, risk, and compliance efforts, ensuring that all internal processes adhere to regulatory requirements and industry best practices. This role is also tasked with conducting comprehensive assessments of the security controls, determining their effectiveness, and identifying potential risks to strengthen the organization’s overall security posture.

Key Responsibilities:

• Manage the company’s GRC program based on the established operating model, ensuring alignment with both industry standards and regulatory requirements (HIPAA, HITRUST, NIST, etc.). This includes leading the GRC team members responsible for executing day-to-day tasks related to governance, risk management, and compliance.
• Monitor, assess, and document compliance with applicable regulatory requirements, while maintaining a continuous improvement approach to addressing emerging risks. This includes communicating risk and compliance findings effectively across all levels of the organization and translating technical risks into business impact for executive leadership.
• Regularly report security assessment findings, risk posture, and compliance status to senior leadership and key stakeholders, providing clear and actionable insights for decision-making.
• Lead internal teams in the development, documentation, and assessment of the security control specifications based the NIST 800-53 security and privacy requirements, including drafting of System Security Plans (SSPs), Plan of Action & Milestones (POAMs), and other materials to support compliance efforts.
• Facilitate the Security Assessment and Authorization process for public sector clients by collaborating with cross-functional Netsmart teams and client security teams.
• Manage ongoing compliance monitoring efforts based on applicable regulatory requirements and client compliance needs. This includes leading the execution of annual compliance reviews and external audits.
• Facilitate discussions between IT, legal, and business units to effectively address identified risks and help ensure risk management efforts align with business and strategic objectives.

Preferred Knowledge/Skills:

• Deep understanding of GRC frameworks, methodologies (e.g., NIST 800-53, NIST CSF), and regulatory requirements in the healthcare sector (e.g., HIPAA, HITRUST, StateRAMP, TX-RAMP).
• Strong ability to conduct risk assessments, develop mitigation strategies, and integrate risk management into business operations.
• Bachelors degree
• Extensive experience leading internal and external audits, developing SSPs and POAMs, and managing compliance programs.
• Proficient in implementing, assessing, and managing security controls in IT systems, networks, and applications.
• Proven track record of leading, mentoring, and developing GRC teams with a focus on collaboration and accountability.
• Strong skills in presenting complex GRC topics and risk assessments to C-level executives and non-technical stakeholders.
• Ability to lead GRC transformation initiatives, implementing process improvements and fostering a risk-aware culture.

• Strong leadership, communication, and collaboration skills to foster cross-functional alignment between technology, business, legal, and compliance teams.
• Demonstrated ability to manage multiple projects, including security reviews, audits, and continuous monitoring activities, within a dynamic, fast-paced environment.

Netsmart is proud to be an equal opportunity workplace and is an affirmative action employer, providing equal employment and advancement opportunities to all individuals. We celebrate diversity and are committed to creating an inclusive environment for all associates. All employment decisions at Netsmart, including but not limited to recruiting, hiring, promotion and transfer, are based on performance, qualifications, abilities, education and experience. Netsmart does not discriminate in employment opportunities or practices based on race, color, religion, sex (including pregnancy), sexual orientation, gender identity or expression, national origin, age, physical or mental disability, past or present military service, or any other status protected by the laws or regulations in the locations where we operate.

Netsmart desires to provide a healthy and safe workplace and, as a government contractor, Netsmart is committed to maintaining a drug-free workplace in accordance with applicable federal law. Pursuant to Netsmart policy, all post-offer candidates are required to successfully complete a pre-employment background check, including a drug screen, which is provided at Netsmart’s sole expense. In the event a candidate tests positive for a controlled substance, Netsmart will rescind the offer of employment unless the individual can provide proof of valid prescription to Netsmart’s third party screening provider.

If you are located in a state which grants you the right to receive information on salary range, pay scale, description of benefits or other compensation for this position, please use this form to request details which you may be legally entitled.

All applicants for employment must be legally authorized to work in the United States. Netsmart does not provide work visa sponsorship for this position.

Netsmart's Job Applicant Privacy Notice may be found here.