Information Security Governance, Risk and Compliance (GRC) Lead

Information Security Governance, Risk and Compliance (GRC) Lead

O'Melveny & Myers LLP has an immediate opening for a remote Information Security Governance, Risk and Compliance (GRC) Lead in one of our Texas offices. The GRC Lead serves as the subject matter expert for firmwide Information Security GRC initiatives, collaborating closely with the Information Security Officer. This role encompasses the development, implementation and ongoing coordination of GRC efforts, tracking information security risks, conducting risk analyses and mitigation options, coordinating information security metrics, and regular reporting to Information Security leadership. The Lead enforces GRC rigor globally for firmwide information security obligations and helps implement a comprehensive control framework to execute the GRC strategy. The role oversees administration of standards and controls, risk management, third-party risk management (TPRM), baseline security controls and technology compliance initiatives. It coordinates information security audits and assessments, tracks responses, and interacts with clients and external auditors. It may also involve reviewing outside counsel guidelines and developing a third-party risk management program, including due diligence documentation such as questionnaires and SOC reports.

Responsibilities Include

• Lead firmwide Information Security GRC initiatives in partnership with the Information Security team.
• Assist and coordinate with the ISO 27001 annual certification preparations, as well as client audits.
• Track external requirements such as outside counsel guidelines and assist with review and response as needed.
• Oversee Information Security GRC activities and coordinate with the Information Security Officer.
• Serve as a subject matter expert and trusted advisor for leadership on Information Security GRC matters.
• Serve as the primary contact for responding to business unit inquiries regarding operational compliance.
• Collaborate with IT, legal, finance and operations to develop a cohesive Information Security GRC program.
• Partner with business units during solutions onboarding to ensure adequate controls are in place and enabled.
• Conduct regular risk assessments and analyze emerging risks across the organization.
• Coordinate with stakeholders to implement effective risk mitigation strategies.
• Maintain a strategic and comprehensive GRC program that includes policies, standards, processes and guidelines.
• Stay updated on regulatory changes and industry standards (ISO, NIST, GDPR, HITRUST, HIPAA).
• Provide guidance to team members to ensure compliance with relevant laws and regulations.
• Deliver GRC reports to management, emphasizing compliance status, risk exposure and mitigation efforts.
• Oversee third-party and vendor risk as part of the organization's risk management strategy.
• Document and enforce cybersecurity standards that balance risk with business operations.
• Ensure audit readiness by documenting GRC activities, policies, assessments and corrective actions.
• Implement process improvements using GRC tools and methodologies to drive productivity gains.
• Cooperate with internal and external auditors to maintain and implement controls that meet GRC requirements.
• Motivate functional areas to adopt practices that comply with cybersecurity policies and standards.
• Provide leadership in collaboration with technical and business teams to strengthen business resiliency.
• Guide team to align with security, audit and risk management efforts in ongoing security program assessments.
• Assist Information Security with projects as needed.
• Stay abreast of current technologies, developments, security compliance requirements, standards, and industry trends.
• Perform analysis of security threats and vulnerabilities and use threat intelligence to anticipate and mitigate risks.
• Ensure secure handling of privileged accounts and credentials.

Qualifications

We offer an excellent salary and benefits package. For more information, or to be considered for this position, please apply online at www.omm.com. EOE M / F / D / V. No phone inquiries please.

J-18808-Ljbffr