Governance, Risk, and Compliance Manager

Meriton•Irving, TX

1d•Hybrid

About The Position

Meriton is a national team of experts driving HVAC innovation through a network of high-performing companies. From strategy and support to systems and solutions, we work behind the scenes to strengthen operations and build value—for our partners and our people. If you’re looking to make an impact, we’re glad you’re here. At Meriton, you’ll join a team that believes in big ideas, doing great work, and building careers that matter—every step of the way. The Governance, Risk, and Compliance (GRC) Specialist supports the organization’s information security and enterprise risk management programs by facilitating risk identification, control assessment, policy governance, and compliance activities across regulatory and internal frameworks. This role partners with business and technology stakeholders to ensure risks are documented, evaluated, and treated in alignment with organizational risk tolerance, while enabling consistent, auditable processes for compliance, third-party risk, and control monitoring. The GRC Specialist plays a critical role in translating regulatory and security requirements into actionable controls, maintaining accurate risk and compliance artifacts, and supporting leadership with timely, data-driven reporting to inform risk-based decision-making.

Requirements

Elevated professionalism which demonstrates tempered emotions, empathy, positive intent, and integrity in all interactions.
Excellent communication and interpersonal skills with the ability to build strong relationships across all levels of the organization.
Strong verbal and written communication skills
Ability to effectively communicate and present information one-on-one and in group situations, and outside of the company.
Strong attention to detail
Ability to work in a fast-paced environment
Must be a self-starter, independent, and strong organization skills, with the ability to manage multiple priorities and deadlines at any given time
Strategic & Analytical Thinking
Risk‑Based Decision‑Making and the ability to solve practical problems and manage a variety of variables in situations and with problems where only limited information or standardization exists
Change Leadership
Continuous Improvement Mindset
Bachelor’s degree in Cybersecurity, Information Systems, or related field (or equivalent experience).
8+ years’ experience in security, risk, compliance, or GRC-focused roles.
Strong practical experience with one or more frameworks such as ISO 27001, SOC 2, NIST, CIS, or similar.
Confidence leading meetings, workshops, and complex discussions.
Ability to design security governance and compliance programs, not just implement them.
Strong written communication skills, with experience producing high-quality documentation.
Strong organizational skills and ability to manage multiple engagements and priorities.
A pragmatic, solutions-focused mindset with an understanding of business realities.

Nice To Haves

Experience mentoring or supporting the development of junior team members.
Certifications such as CISSP, CISM, CRISC, CGEIT, or CGRC, preferred.

Responsibilities

Support the development, maintenance, and lifecycle management of information security and IT governance policies, standards, and procedures.
Coordinate periodic policy reviews and facilitate stakeholder input, approvals, and attestations.
Maintain policy exceptions and waivers, ensuring appropriate risk evaluation, documentation, and executive approval.
Partner with legal, compliance, IT, and security teams to ensure governance alignment across enterprise initiatives.
Lead and coordinate the Business Impact Analysis (BIA) process by partnering with business and technology stakeholders to identify critical processes, assess operational, financial, and regulatory impacts, and document recovery objectives to support enterprise resilience and continuity planning.
Identify, assess, and document information technology risks across infrastructure, applications, cloud services, and third-party environments using standardized risk assessment methodologies.
Facilitate periodic and ad-hoc IT risk assessments, including inherent risk evaluation, control effectiveness testing, and residual risk determination.
Maintain the enterprise IT risk register by ensuring risks are accurately described, consistently scored, and aligned to business impact and risk tolerance.
Track risk remediation activities to completion and validate that corrective actions effectively reduce risk exposure.
Support third-party and vendor risk assessments by evaluating IT-related risks associated with external service providers.
Support continuous improvement of the IT risk management program through process optimization, tooling enhancements, and stakeholder feedback.
Monitor emerging threats, vulnerabilities, and technology changes to identify new or evolving risk scenarios.
Lead internal control testing, evidence collection, and audit readiness across cloud and on-prem system.
Collaborate with architects and development teams to identify potential attack paths early in the design phase.
Collaborate with cross-functional teams and external auditors to ensure regulatory compliance
Leverage intelligence from vulnerability, threat, and incident data to continuously refine security controls.
Evaluate and improve security controls, processes, and documentation.
Develop and maintain risk metrics, dashboards, and reporting artifacts for management and executive-level audiences.
Present risk posture and program effectiveness metrics to senior leadership and governance committees.
Align program outcomes with frameworks such as NIST CSF & CIS Controls.