• GRC Lead

    Insight Global (Conshohocken, PA)


    Job Description

    A small but growing pharmaceutical company is seeking an experienced GRC Lead to manage information security governance, risk, compliance, awareness, and third-party risk programs. This role will mature GRC processes, support audits, run security awareness initiatives, and oversee vendor risk reviews.

    Responsibilities

     Develop and maintain security policies, standards, and procedures.

     Coordinate risk management and track remediation using JIRA.

     Build dashboards for risk posture and compliance visibility.

     Drive security awareness campaigns and phishing simulations.

     Manage third-party risk assessments and vendor onboarding.

     Partner cross-functionally to operationalize GRC workflows and improve processes.

     

    payrate - $50-$60

     

    We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to [email protected] learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.

    Skills and Requirements

     5–8+ years in GRC, risk management, or information security.

     Security & Awareness training + Phish testing

     Recent experience putting together KPIs, dahsboards and drafted /edited cyber policies/ standards and playbooks.

     Familiarity with frameworks (SOC 2, ISO 27001, NIST CSF, HIPAA).

     Experience with vendor risk assessments and awareness programs.

     Strong communication and project management skills.

     JIRA experience • Power BI and relevant certifications