Manager of Cyber Governance, Risk, and Compliance

Why Black and Veatch

Black & Veatch allows you to lend your talent and perspective to humanity’s biggest challenges in a flexible environment where you are empowered to grow and explore new possibilities. We offer competitive compensation; 401K match and benefits that start day 1.

Our hybrid environment allows you to balance your work and personal life. At Black & Veatch, you own your career with purpose and meaning. You are empowered to grow and explore new possibilities at every step of your career journey. Bring your big ideas knowing you are safe to be who you are and speak up with concerns or questions and put your diverse talents and perspectives to use.

The Opportunity

The Manager of Governance, Risk and Compliance (GRC) is a leadership role within the cyber security organization. This individual is responsible for establishing and maintaining a comprehensive GRC framework, ensuring compliance with regulatory requirements, managing third-party risks, and overseeing enterprise-wide risk management processes. The Director will work closely with executive leadership, cyber security, legal, IT, and other key stakeholders to safeguard the organization's interests and promote a culture of risk awareness and accountability.

Key Responsibilities

Governance, Risk and Compliance (GRC)

• Develop, implement, and maintain the GRC framework and strategy.
• Ensure compliance with relevant laws, regulations, and industry standards.
• Conduct regular risk assessments and compliance audits.
• Monitor and report on the effectiveness of GRC initiatives to senior leadership.
• Develop and deliver GRC training programs to employees.

Privacy

• Oversee the organization's privacy policies and practices.
• Ensure compliance with global privacy regulations, including GDPR and CCPA.
• Manage data protection and privacy breach response processes.
• Conduct privacy impact assessments and audits.
• Provide guidance on privacy-related matters to business units and stakeholders.

Policy and Technology Oversight

• Develop and maintain policies related to GRC, privacy, and risk management.
• Ensure alignment of policies with organizational goals and regulatory requirements.
• Oversee the implementation of technology solutions that support GRC and risk management activities.
• Evaluate and select GRC and risk management tools and technologies.

Third-Party Risk Management

• Develop and implement a third-party risk management program.
• Conduct due diligence and risk assessments of third-party vendors and partners.
• Monitor third-party compliance with contractual and regulatory requirements.
• Establish and maintain relationships with key third-party stakeholders.
• Report on third-party risk management activities to senior leadership.

Enterprise Risk Management (ERM)

• Represent cyber security and information technology within the enterprise risk management framework.
• Oversee the technology areas to identify, assess, and prioritize enterprise risks.
• Develop and implement risk mitigation strategies and action plans.
• Monitor and report on the status of enterprise risks and mitigation efforts.
• Promote a culture of risk awareness and accountability across the organization.