×
Register Here to Apply for Jobs or Post Jobs. X

Information Security Governance, Risk, Compliance; GRC Supervisor

Job in Salt Lake City, Salt Lake County, Utah, 84101, USA
Listing for: Arup Laboratories, Inc
Full Time position
Listed on 2026-05-30
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Job Description & How to Apply Below
Position: Information Security Governance, Risk, Compliance (GRC) Supervisor
Schedule:

Monday - Friday (40 hrs/wk)

8:00 AM - 5:00 PM

Department: IT General - 210

Primary

Purpose:

The Information Security Governance, Risk, and Compliance (GRC) Supervisor at ARUP provides leadership and direction for the Information Security GRC program, ensuring alignment with ARUP security policies, healthcare regulatory requirements, and the NIST Risk Management Framework. This role serves as a critical bridge between information security, technology teams, and business owners-translating regulatory and technical security requirements into practical, actionable guidance. The Information Security GRC Supervisor is responsible for educating, training, and transitioning ARUP Business Owners and System Owners to operate in compliance with NIST security standards and ARUP security policies.

This role leads risk assessments, compliance activities, audits, and governance processes while delivering clear visibility into ARUP's risk posture through metrics and executive reporting concerning information security. In addition to technical and regulatory oversight, the Information Security GRC Supervisor leads and mentors a team of compliance professionals, drives continuous improvement of governance processes, and partners across the organization to embed risk management and security accountability into daily operations-supporting ARUP's mission to protect clinical, laboratory, and enterprise systems.

About ARUP:

ARUP Laboratories is a national clinical and anatomic pathology reference laboratory and an enterprise of the University of Utah and its Department of Pathology. Based in Salt Lake City, Utah.

ARUP proudly hires top talent to create a work environment of diversity, professional growth and continuous development. Our workforce is committed to the important service we provide to over one million patients each month. We always strive for excellence and have a strong desire to have involvement with the advances in medicine and the role laboratory services plays within each patient's life.

We never forget that there is a patient behind every specimen we receive.

We are looking for individuals who want to contribute to ARUP's culture of accountability, integrity, service, and excellence. Consider joining our dynamic team.

Essential Functions:

Leads the development, implementation, and continual improvement of ARUP's Information Security Governance, Risk Management, and Compliance (GRC) program, ensuring alignment with ARUP security policies, institutional objectives, and the NIST Risk Management Framework (RMF).

Serves as a primary educator and change agent for the organization, responsible for teaching, training, and transitioning ARUP Business Owners, System Owners, and technical teams to operate in compliance with NIST security frameworks and ARUP security policies.

Designs and delivers structured training, workshops, and guidance to help business and system owners understand their security responsibilities, risk ownership, control implementation requirements, and ongoing compliance obligations under NIST SP 800-53.

Conducts and oversees - system-level risk assessments, translating technical and regulatory requirements into clear, actionable guidance for business stakeholders.

Leads the development, review, and maintenance of security policies, standards, and procedures, ensuring alignment with ARUP policy, HIPAA, CAP, SOC 2, GDPR, ISO standards, and NIST RMF requirements.

Leads internal audits, compliance reviews, and external audit preparation, including coordination with auditors and facilitation of evidence collection, remediation planning, and executive reporting.

Delivers compliance and governance services to business and system owners, supporting full lifecycle alignment with NIST SP 800-53 controls, enterprise risk governance frameworks, and ARUP security policy requirements.

Collaborates with cross-functional teams (IT, Infrastructure, Applications, and Operations) to integrate risk management and compliance practices into organizational processes, including Configuration Management, Change Management, and Change Approval Board (CAB).

Maintains System Security Plans (SSPs), Plans of Action and Milestones (POA&Ms), Security Assessment Reports (SARs), Risk Assessment Reports (RARs), and other required cybersecurity documentation.

Identifies gaps in security controls, recommends risk-based improvements, and oversees the implementation and tracking of corrective actions to closure.

Supports system authorization and accreditation activities, ensuring operational environments meet defined security requirements and governance expectations.

Develops and maintains compliance dashboards, risk metrics, and executive-level reporting to communicate risk posture, compliance status, and trends to leadership concerning information security.

Builds and sustains strong working relationships with System Owners, Authorizing Officials, System Administrators, and business leaders to promote shared accountability for information security…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary