Manager of Governance, Risk and Compliance (GRC)

The Opportunity

The Manager of Governance, Risk and Compliance (GRC) is a leadership role within the cyber security organization. This individual is responsible for establishing and maintaining a comprehensive GRC framework, ensuring compliance with regulatory requirements, managing third-party risks, and overseeing enterprise-wide risk management processes. The manager will work closely with executive leadership, cyber security, legal, IT, and other key stakeholders to safeguard the organization's interests and promote a culture of risk awareness and accountability.

Key Responsibilities

Governance, Risk and Compliance (GRC)

• Develop, implement, and maintain the GRC framework and strategy.
• Ensure compliance with relevant laws, regulations, and industry standards.
• Conduct regular risk assessments and compliance audits.
• Monitor and report on the effectiveness of GRC initiatives to senior leadership.
• Develop and deliver GRC training programs to employees.

Privacy

• Oversee the organization's privacy policies and practices.
• Ensure compliance with global privacy regulations, including GDPR and CCPA.
• Manage data protection and privacy breach response processes.
• Conduct privacy impact assessments and audits.
• Provide guidance on privacy-related matters to business units and stakeholders.

Policy and Technology Oversight

• Develop and maintain policies related to GRC, privacy, and risk management.
• Ensure alignment of policies with organizational goals and regulatory requirements.
• Oversee the implementation of technology solutions that support GRC and risk management activities.
• Evaluate and select GRC and risk management tools and technologies.

Third-Party Risk Management

• Develop and implement a third-party risk management program.
• Conduct due diligence and risk assessments of third-party vendors and partners.
• Monitor third-party compliance with contractual and regulatory requirements.
• Establish and maintain relationships with key third-party stakeholders.
• Report on third-party risk management activities to senior leadership.

Enterprise Risk Management (ERM)

• Represent cyber security and information technology within the enterprise risk management framework.
• Oversee the technology areas to identify, assess, and prioritize enterprise risks.
• Develop and implement risk mitigation strategies and action plans.
• Monitor and report on the status of enterprise risks and mitigation efforts.
• Promote a culture of risk awareness and accountability across the organization.

Management Responsibilities

Supervises work of others. Responsible for hiring, discipline, and pay administration of their subordinates.

Minimum Qualifications

• Bachelor's degree
• 12+ years of experience
• All applicants must be able to complete pre-employment onboarding requirements (if selected) which may include any/all of the following: criminal/civil background check, drug screen, and motor vehicle records search, in compliance with any applicable laws and regulations.