Sr. Manager, IT Governance, Risk, & Compliance

Requisition ID:  5023
Job Location(s): 

Broomfield, CO, US, 80021

Overview

Reporting into Information Security, the Senior Manager of Governance, Risk, and Compliance (GRC) is responsible for developing, implementing, and managing the company’s governance, risk management, and compliance programs. This role ensures that the organization complies with regulatory requirements, industry standards, and internal policies. The Senior Manager of GRC will work closely with various departments to identify, assess, and mitigate risks, as well as promote a culture of compliance and ethical behavior. As the primary GRC authority, this leader works directly with other stakeholders, such as Legal, Risk, Internal Audit, etc., to ensure the alignment of the company's IT and Enterprise risk management framework with its business objectives and regulatory requirements.

The GRC Senior Manager combines technical expertise with a background in GRC and the applicable frameworks, working alongside business owners to balance compliance with business enablement. They will identify, track, and address potential risks, while proactively enhancing the company's overall GRC posture. They will also direct and oversee a small GRC team, fostering an environment of collaboration and expertise sharing, ensuring adherence to governance frameworks and compliance standards, and empowering team members to proactively manage and mitigate organizational risks.

What You'll Do

Governance:

  • Develop and maintain governance frameworks, policies, and procedures to ensure effective decision-making and accountability. This includes the company’s information security policies and cybersecurity risk management policies.
  • Oversee the implementation of governance best practices across the organization.
  • Provide guidance and support to the board of directors and senior management on governance-related matters.
  • Track remediation of findings within GRC systems.
  • Host monthly Business Information Security Officer (BISO) team meetings to facilitate cross-team communications.
  • Prepare and present reports on GRC activities, risks, and compliance issues to senior management and the board of directors.

Risk Management:

  • Identify, assess, and prioritize enterprise risks, and develop strategies to mitigate these risks. This includes vendor risk management, vulnerability management, and assessment findings/remediation management.
  • Lead the development and implementation of risk management policies and procedures.
  • Conduct regular risk assessments and report findings to senior management and the board.
  • Monitor and analyze risk trends and emerging risks and recommend appropriate actions.

Compliance:

  • Ensure the organization complies with all relevant laws, regulations, and industry standards.
  • Develop and implement a comprehensive compliance program, including policies, training, monitoring, and reporting.
  • Conduct regular compliance audits and assessments and address any identified issues.
  • Liaise with regulatory bodies and ensure timely and accurate reporting.
  • Work directly with IT Infrastructure and critical application owners to execute assessment and remediation plans, to include occasional internal testing of controls ahead of external third-party assessments.
  • Coordinate internal audits and follow up on audit findings to ensure corrective actions are implemented.

What You'll Bring to the Table

Minimum Education:

  • Bachelor’s degree or equivalent experience in Information Technology or other related field.

Minimum Experience:

  • 8+ years’ experience in IT, with 3+ years in a GRC role. Experience working with other compliance-driven teams such as Legal, Audit, etc.

Knowledge, Skills & Abilities:

  • Regulatory Knowledge: In-depth knowledge of relevant laws, regulations, and other applicable frameworks.
  • Risk Management Skills: Ability to identify, analyze, and effectively mitigate or manage enterprise risks. Familiarity with risk management frameworks and methodologies.
  • Strategic Thinking and Leadership: Strong ability to lead and manage the GRC function, develop and execute strategic plans, and guide the organization towards its GRC objectives.
  • Communication and Presentation Skills: Excellent written and verbal communication skills, with the ability to present complex GRC issues and strategies clearly to various stakeholders.
  • People Management: Proven leadership in managing cross-functional IT teams with a focus on operational excellence. Ability to mentor, coach, and develop staff, fostering a culture of continuous improvement and collaboration.
  • Analytical Skills: Strong ability to analyze complex data, interpret compliance requirements, and develop effective solutions.
  • Negotiation and Influencing Skills: Ability to negotiate with, influence, and secure buy-in from various stakeholders, both internal and external, to achieve GRC objectives.
  • IT Proficiency: Familiarity with the use of GRC technology solutions, as well as a broad understanding of information security principles and best practices.
  • Continuous Learning: A commitment to keeping up to date with the latest developments in the GRC field, including evolving laws and regulations, emerging risks, and best practices in GRC management.

The Company is an Equal Opportunity Employer committed to a diverse and inclusive work environment. We accept applications on an ongoing basis.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or disability, or any other classification protected by law.

Title: Sr. Manager, IT Governance, Risk, & Compliance

Salary or Pay Range: $140,000 - $150,000

Workplace Persona: Collaborator

Pay offered will vary based on job-related factors such as location, experience, training, skills, and abilities.

This position is eligible to participate in a company incentive program.

This position is eligible for company benefits including but not limited to medical, dental, and vision coverage, life and AD&D, short and long-term disability coverage, paid time off, employee assistance, participation in a 401k program that includes company match, and many other additional voluntary benefits.

Job Category: Corporate

Nearest Major Market: Denver