
Associate Director/Manager, IT GRC

Location Durham, North Carolina Job ID 19-87241

The Associate Director/Manager, IT Governance, Risk, and Compliance (GRC) works within the Information Security Office to help develop and manage the GRC Program. In particular, this position is responsible for supporting the overall compliance and governance programs by obtaining and/or maintaining ongoing compliance with information security and data industry standards and regulatory requirements (e.g., HITRUST, HIPAA, PCI, 21 CFR Part 11, SSAE18). Specifically, the role will be responsible for facilitating third-party audits and attestation engagements, responding to customer requests for information, and executing risk and compliance assessments in support of readiness and monitoring in preparation for attestation engagements. The role will oversee and execute these activities with the support of, and management responsibility for, 1-3 staff members.


Support and manage external IT-related attestation engagements, including HITRUST, SOX, SSAE18/SOC, PCI and similar, as well as others where required.

Complete customer security questionnaires and requests for information (RFIs).

Liaise with external customers on IT and Information Security posture in support of existing relationships and requests for proposals (RFPs).

Develop and maintain strong business and technology relationships.

Liaise with other internal regulatory subject matter experts such as Legal, Privacy, Internal Audit, and others as needed to ensure alignment with regulatory requirements.

Support internal, external, regulator, customer, or other IT audits and/or requests for information with Information Security scope as needed.

Support the CAPA tracking process resulting from audits, including assignment to IT issue owners and timely execution of mitigating actions.

Help ensure alignment of technology controls between industry standards/policy/regulatory requirements and critical business needs; and

Communicate effectively across multiple levels.



7-10 years in Information Security, IT Audit/Governance/Risk/Compliance, or similar role. At least 3-4 years of management experience preferred.

Strong knowledge of information security governance, risk, and compliance programs.

Strong understanding of and experience with requirements in regulated IT environments.

Proven project management and organizational skills, specifically managing multiple, concurrent projects.

Strong analytical background and technical skills with the ability to apply regulatory requirements to IT operational and technical controls.

Demonstrated leadership skills with ability to communicate effectively and collaborate strongly within a virtual team.

Excellent conceptual and critical thinking skills and sound judgment, with strategic orientation and ability to perform tactically, as required.

Experience with and understanding of the functionality of GRC tools such as Archer is a plus.

Bachelor's degree in business/technology or related field required; graduate degree preferred.

Certifications in one or more of the following areas preferred: CISSP, CISA, CISM, CRISC,





Monday through Friday, 8:00-5:00

Your information may be used to contact you, including by text message, about the event and will be retained for future communication about opportunities with LabCorp. A submission through this form does not guarantee you a job with LabCorp. By clicking “Sign Up” you agree to receive text messages at the wireless number you provide. Up to 5 messages per month. SMS/MMS texts may be sent using automated.