The Senior Manager IT GRC oversees and manages the organization's technology governance, risk, and compliance strategies with a heavy focus on Information Systems, Security & Data Protection. They work closely with leadership and other compliance teams to develop and implement effective GRC frameworks that align with our business objectives and comply with industry regulations and standards. The role involves identifying, assessing, and mitigating risks to our organization, managing compliance with legal and regulatory requirements, and ensuring that our policies and procedures meet best practices. They are responsible for developing and implementing various governance, risk management, and compliance programs across the organization and maintaining a strong culture of ethical behavior. The ideal candidate will have a strong information technology and risk management background and experience in compliance management and regulatory requirements.
The Senior Manager of IT GRC reports to the Director of Information Security and will work closely with other senior leaders across the organization.
- Develop, implement, and manage collaborative GRC programs across the organization, including policies, procedures, and controls.
- Develop and maintain information security and data protection policies, procedures, and controls that align with industry standards and regulatory requirements.
- Manage and develop programs to ensure that technology systems comply with Information Security & Data Protection policies and standards, such as system patching and modern encryption.
- Ensure that GRC programs align with business objectives and are compliant with relevant legal and regulatory requirements, including CCPA, PIPEDA, SOX, GDPR, PCI, NACHA, FTC Safeguard Rules & other financial regulations.
- Monitor and ensure compliance with regulatory requirements, industry standards, and best practices.
- Conduct risk assessments and develop risk management plans to mitigate risks and provide reporting on findings.
- Develop and deliver training programs to increase awareness of information security and compliance requirements and best practices.
- Collaborate with legal and audit teams to ensure compliance with regulatory and legal requirements.
- Conduct technology compliance assessments and audits, and monitor compliance metrics to identify areas of non-compliance and develop corrective actions.
- Coordinate and participate in steering committee activities related to GRC, partnering with other respective compliance stakeholders.
- Serve as a subject matter expert on compliance-related matters and provide guidance to internal teams on regulatory compliance issues.
- Develop and maintain an Information Technology risk management framework that identifies and assesses risks associated with our technology systems, and develop strategies to mitigate those risks.
- Provide guidance and support to business units on compliance and risk management matters.
- Work closely with the finance organization to develop and implement strategies to prevent fraud and other types of financial crimes.
- Develop and maintain relationships with internal stakeholders, external partners, and regulators to ensure ongoing compliance.
- Collaborate with financial compliance teams to design and implement effective internal controls to ensure the integrity of our financial reporting.
- Develop and deliver training programs to promote a strong culture of ethical behavior and compliance.
- Manage internal and external audits and assessments and develop and implement corrective action plans as needed.
- Collaborate with other senior leaders to ensure alignment of GRC programs with organizational goals and strategies.
- Monitor and review regulatory changes and industry trends to ensure GRC programs remain effective and relevant.
- Develop metrics to track security program effectiveness and to report risk.
Required Skills & Experience
- Bachelor's degree in Information Technology, Computer Science, or a related field
- At least 7 years of experience in information technology, risk management, and compliance management
- Strong knowledge of regulatory requirements and industry standards such as GDPR, CCPA, SOX, PCI, etc.
- Excellent communication, collaboration, and leadership skills
- Proven track record of implementing successful GRC programs and driving change in an organization.
- Strong analytical and problem-solving skills and effective communication and interpersonal skills, with the ability to collaborate effectively with stakeholders at all levels of the organization
- Experience in leading cross-functional teams and managing projects
- Experience developing and implementing GRC programs, policies, procedures, and controls
- Experience conducting risk assessments and developing risk management plans
- Professional certification in relevant areas such as CISA, CISSP, CRISC, or similar is highly preferred.
- Ability to travel
Benefit packages for this role will start on the 31st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.