Sr. Manager, Governance, Risk and Compliance

Overview

At Crocs, Inc., every career offers a chance to make a real impact. No two journeys look the same. And that's exactly how we like it. Whether you’re welcoming customers into our stores, collaborating with global teams at our headquarters, or keeping operations moving at our distribution centers, your impact is real and valued. At Crocs, Inc. you’re not expected to fit a mold. You’re encouraged to break it and create something better.

The Sr. Manager, Governance, Risk, and Compliance (GRC) at Crocs, Inc. is part of the Global Information Technology team and reports into the VP, Chief Information Security Officer. This role will lead the development and management of governance, risk, and compliance programs to ensure regulatory and policy adherence. Collaborating with teams across the global organization, this role identifies and mitigates risks, fosters a culture of compliance, and aligns enterprise risk management with business goals and regulations.

What You'll Do

• Develop and maintain governance frameworks, policies, and procedures to ensure effective decision-making and accountability.
• Oversee the implementation of governance protocols across the organization.
• Provide guidance and support to senior management on governance-related matters.
• Remediation tracking within GRC systems.
• Host monthly Business Information Security Officer (BISO) team meetings to facilitate cross-functional communication and partnership.
• Prepare and present reports on GRC activities, risks, and compliance issues.
• Identify, assess, and prioritize enterprise risks, and develop strategies to mitigate these risks, including vendor risk management, vulnerability management, and assessment findings/remediation management.
• Lead the development and implementation of risk management policies and procedures.
• Conduct regular risk assessments and report findings to senior management.
• Monitor and analyze risk trends and emerging risks and recommend appropriate actions.
• Ensure the organization follows all relevant laws, regulations, and industry standards.
• Develop and implement a comprehensive compliance program, including policies, training, monitoring, and reporting.
• Conduct regular compliance audits (such SOX and PCI) and assessments (such as annual risk and maturity) and address any identified issues.
• Liaise with regulatory bodies and ensure timely and accurate reporting.
• Work directly with IT Infrastructure and critical application owners to complete assessment and remediation plans, to include occasional internal testing of controls ahead of external third-party assessments.

#LI-MS1

#LI-Hybrid

What You'll Bring to the Table

• Bachelor’s degree in IT or related field or equivalent experience.
• 8+ years in IT and 3+ years in GRC roles, including team leadership.
• In-depth Knowledge of relevant laws, regulations and other applicable frameworks.
• Strong ability to lead and manage the GRC function, develop and implement strategic plans, and guide the organization towards its GRC objectives.
• Excellent written and verbal communication skills, with the ability to present complex GRC issues and strategies clearly to various stakeholders.
• Ability to mentor, coach, and develop staff, foster a culture of continuous improvement and collaboration.
• Proven ability to analyze complex data, interpret compliance requirements, and develop effective solutions.
• Ability to negotiate, influence, and secure consensus from various internal and external partners.
• Familiarity with the use of GRC technology solutions and has a broad understanding of information security principles.
• Commitment to keeping up to date with the latest developments in the GRC field, including evolving laws and regulations, emerging risks, and best practices in GRC management.