Job Information

PRGX Governance, Risk and Compliance Manager (Security) in Atlanta, Georgia

About PRGX Global, Inc

ABOUT PRGX

We provide the business intelligence to unlock incremental value from data and expand impact across our clients' organizations for healthier whole businesses. PRGX pioneered Recovery Audit nearly 50 years ago and is now the global leader in source-to-pay analytics and margin expansion. PRGX empowers clients in more than 30 countries with the business intelligence to recover $1.2 billion in annual cash flow, unlocking value and improving the overall health of organizations across the world. We collaborate with supplier communities to realize improved profits and deliver the tools to optimize processes, finding immediate and lasting value. With end-to-end technology and deep vertical expertise that underpins our recovery, preventive, and analytics solutions, we provide the actionable insights to minimize leakage, optimize cash flow, and shape stronger, healthier businesses. For additional information on PRGX, please visit www.prgx.com.

Job Description

The Governance, Risk and Compliance Manager (Security) specializes in third-party risk assessments, ISO27001 audits, SOC2 audits, and client-conducted risk assessments. The position plays a pivotal role in maintaining and enhancing PRGX's governance, risk and compliance framework.

Key Responsibilities:

ISO27001 Audits:

  • Oversees the preparation, execution, and management of ISO27001 audits to assess the effectiveness of the organization's information security management system (ISMS).

  • Works closely with internal stakeholders to address audit findings, implement corrective actions, and continuously improve the ISMS to meet ISO27001 standards.

  • Serves as a subject matter expert on ISO27001 requirements and provides guidance and support to teams across the organization to ensure compliance.

SOC2 Audits:

  • Manages the SOC2 audit process, including readiness assessments, evidence gathering, and coordination with auditors to facilitate successful SOC2 examinations.

  • Develops and maintains SOC2 policies, controls, and documentation to demonstrate compliance with trust services criteria (security, availability, processing integrity, confidentiality, and privacy).

  • Monitors and tracks remediation activities to address any identified gaps or deficiencies in SOC2 controls and ensure timely resolution.

Client-Conducted Risk Assessments:

  • Completes client assessments of PRGX security controls to ensure all client concerns are addressed and they are comfortable providing data required for services.

  • Acts as a liaison between clients and internal teams to address client inquiries, clarify requirements, and ensure the timely completion of risk assessment processes.

Compliance and Reporting:

  • Keeps abreast of regulatory changes, industry trends, and emerging risks related to information security, privacy, and data protection.

  • Prepares and delivers regular reports to senior management and stakeholders on the status of third-party risk assessments, ISO27001 audits, SOC2 audits, client-conducted risk assessments, and overall compliance initiatives.

  • Collaborates with internal and external auditors to facilitate compliance audits and assessments as needed.

Third-Party Risk Assessment:

  • Leads the evaluation and assessment of third-party vendors and partners to identify potential risks and ensure compliance with contractual obligations, industry standards, and regulatory requirements.

  • Develops and maintains a comprehensive third-party risk management program, including risk assessment methodologies, risk identification, evaluation, and mitigation strategies.

  • Collaborates with cross-functional teams, including Legal, Procurement, and IT Security, to establish and enforce third-party risk management policies and procedures.

Qualifications:

  • Bachelor's degree in Information Security, Risk Management, Business Administration, or a related field (Master's degree preferred).

  • Professional certifications such as CISA, CISSP, CISM, ISO27001 Lead Auditor, or equivalent.

  • Proven experience (5+ years) in governance, risk, and compliance roles, with a focus on third-party risk management, ISO27001 audits, SOC2 audits, and client-conducted risk assessments.

  • In-depth knowledge of relevant frameworks, standards, and regulations, including ISO27001, SOC2, GDPR, CCPA, etc.

  • Strong analytical skills with the ability to assess complex risk scenarios and develop effective mitigation strategies.

  • Excellent communication and interpersonal skills, with the ability to collaborate effectively with cross-functional teams, clients, and external stakeholders.

  • Demonstrated leadership abilities with experience in managing audit processes, leading teams, and driving results.


PRGX provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, age, sex, national origin, disability status, genetic information, Protected Veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.
