Governance, Risk and Compliance Manager

PSRSJefferson City, MO
$126,286 - $157,858Hybrid

About The Position

PSRS/PEERS is seeking an experienced, strategic, and forward-thinking Governance, Risk, and Compliance Manager to join our Information Security Team. In this vital leadership role, you will oversee and advance the organization’s governance, risk, and compliance program, ensuring that cybersecurity policies, control frameworks, vendor diligence processes, audit activities, and documentation standards consistently support secure and risk-informed operations. Working under the general direction of the Chief Information Security Officer (CISO), you will contribute directly to PSRS/PEERS’ ability to deliver secure, reliable, and compliant services to Missouri’s public educators. As the GRC Manager, you will build and lead the GRC function, with the opportunity to grow and supervise a team of analysts as the program matures. You will guide policy development and maintenance, oversee the risk evaluation framework that shapes enterprise decision-making, ensure comprehensive audit readiness, coordinate vendor due diligence processes, and maintain mappings to cybersecurity frameworks selected by the CISO, such as NIST CSF or CIS Controls. Your work will support predictable audit outcomes, enforce disciplined documentation practices, and strengthen PSRS/PEERS’ overall security posture through thoughtful governance and consistent standards.

Requirements

  • Ability to design and implement organizational policies and standards.
  • Ability to maintain robust exception processes.
  • Ability to manage documentation with exceptional precision and consistency.
  • Thorough understanding of audit and assurance practices, including evidence handling, sampling, workpaper development, and findings management.
  • Proven experience with cybersecurity control frameworks such as NIST CSF, NIST 800-53 or 800-171, ISO 27001, or CIS Controls.
  • Familiarity with regulatory requirements such as HIPAA.
  • Strong knowledge of third-party risk practices, including inherent risk assessment, evidence review, and remediation tracking.
  • Ability to translate complex cybersecurity topics such as identity management, logging, vulnerability management, backups, and change control into clear, business-focused guidance that informs decisions across the organization.
  • Ability to work effectively with stakeholders across functions.
  • Ability to build strong and collaborative relationships.
  • Ability to communicate confidently with both technical and non-technical audiences.
  • Bachelor’s degree or equivalent experience.
  • Minimum of 8 years of experience in governance, risk, and compliance, audit or compliance functions, cybersecurity risk, or closely related professional areas.

Nice To Haves

  • Demonstrated skill in supervising and mentoring team members.
  • Ability to manage projects and programs that involve multiple stakeholders and long-term planning.
  • Degree in business, accounting, audit, information systems, public policy, cybersecurity, or related fields.
  • Relevant certifications such as CISA, CRISC, CGRC, ISO 27001 Lead Implementer/Lead Auditor, CISSP, or CISM.

Responsibilities

  • Oversee and advance the organization’s governance, risk, and compliance program.
  • Ensure cybersecurity policies, control frameworks, vendor diligence processes, audit activities, and documentation standards consistently support secure and risk-informed operations.
  • Build and lead the GRC function, with the opportunity to grow and supervise a team of analysts as the program matures.
  • Guide policy development and maintenance.
  • Oversee the risk evaluation framework that shapes enterprise decision-making.
  • Ensure comprehensive audit readiness.
  • Coordinate vendor due diligence processes.
  • Maintain mappings to cybersecurity frameworks selected by the CISO, such as NIST CSF or CIS Controls.
  • Support predictable audit outcomes.
  • Enforce disciplined documentation practices.
  • Strengthen PSRS/PEERS’ overall security posture through thoughtful governance and consistent standards.
  • Oversee day-to-day GRC operations, ensuring that governance priorities are aligned with organizational objectives and that GRC deliverables consistently meet the program's standards for accuracy and quality.
  • Own the cybersecurity policy and standards lifecycle by maintaining policies, evaluating exceptions, managing expirations, and ensuring that compensating controls are properly documented.
  • Maintain the completeness and accuracy of incident response documentation, update playbooks, and coordinate tabletop exercises while ensuring that action items resulting from those exercises are addressed.
  • Uphold strict documentation standards by ensuring that SOPs, runbooks, and other operational materials adhere to required versioning, evidence, and repository guidelines.
  • Ensure that the enterprise risk evaluation framework is applied consistently across vendor reviews, technology decisions, exception approvals, and go/no-go determinations, resolving escalations that exceed the organization's risk appetite.
  • Establish and enforce documentation standards that allow audits to proceed smoothly.
  • Coordinate audits and examinations by organizing evidence packets, reviewing responses, and monitoring findings through completion.
  • Oversee third-party and vendor risk processes by coordinating intake and due diligence activities, prioritizing high-risk vendors, evaluating gaps, and ensuring that remediation items are tracked to resolution.
  • Document control mappings, assess sufficiency, maintain the control catalog, and manage the compliance calendar.
  • Monitor organizational adherence to policies, maintain issue and exception registers, develop security reporting for leadership, and support both Legal and IT departments in areas such as data governance, eDiscovery preparation, and preservation coordination.
  • Cultivate a strong culture of governance, accountability, and continuous improvement, guiding staff development and contributing to long-term GRC program planning and budgeting.

Benefits

  • Robust Health Savings Account (HSA)
  • Dental and vision coverage
  • Membership in a defined benefit pension plan that provides lifelong retirement benefits after just five years of vesting
  • Three weeks of paid vacation annually
  • Three weeks of sick leave annually
  • 12 paid holidays each year
  • Tuition assistance
  • Ongoing training
  • Professional development opportunities
  • Leadership development program
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service