Governance Risk and Compliance Sr. Manager

About The Position

Requirements

• Bachelor's or Master's degree in law (privacy/data protection), Information Technology, Cybersecurity, Computer Science, or Risk/Compliance
• 5+ years of experience in a similar position
• Strong understanding of IT security, data privacy, and global regulatory environments
• Strong written and oral communication skills
• Analytical mindset, critical thinking, and attention to detail
• Experience with data‑mapping tools, encryption protocols, audit and logging systems, and Privacy‑by‑Design frameworks
• Experience with GDPR, NIS2 and equivalent global privacy regulations

Nice To Haves

• Relevant certifications such as CIPP‑E, CIPM, CISSP, CISA, or CRISC are advantageous

Responsibilities

• GDPR or Similar Program and Project Management
• Plan, coordinate, and implement GDPR projects including risk assessments, data mapping, DPIAs, and impact analysis.
• Lead cross-functional initiatives to ensure compliance with global privacy laws (GDPR, LGPD, CCPA, etc.).
• Regulatory Cyber compliance
• Plan, coordinate, and implement NIS2, NIST and other Cyber compliance projects.
• Work with vCISO and other outsourcing partners in the Cyber space to ensure compliance with different local legislation and standards.
• IT Governance, Policies & Controls
• Develop, maintain, and continuously improve IT compliance policies, procedures, guidelines, and internal controls to support effective governance.
• Develop and maintain comprehensive IT compliance frameworks aligned with GDPR, ISO27001, NIST, NIS2, and SOX as applicable for the size of the organization.
• Implement and monitor security and privacy controls - including access management, encryption, logging, and data protection measures.
• Monitor regulatory changes and ensure compliance with new requirements.
• Ensure ‘secure by design’ principles are applied across systems and projects.
• Support accurate maintenance of the IT asset inventory and compliance-related asset processes.
• Audit & Reporting
• Lead internal and external IT audits, regulatory reviews, and risk assessments.
• Produce compliance reports covering status, risk performance, KPIs, and audit findings.
• Build and maintain dashboards to track compliance obligations and remediation efforts.
• Act as point of contact with authorities and external auditors during reviews or investigations.
• Training & Awareness
• Ensure training plans and initiatives are sufficient for staff on compliance requirements, privacy principles, and IT policies to all staff levels.
• Develop ongoing awareness programs to embed a culture of compliance.
• IT Risk management
• Building IT risk management for the organization, defining roles and responsibilities, ensuring IT risks are categorized and managed.
• Building plans to create risk management standards, policies and procedures, work with vCISO to ensure all required documents and processes are defined.
• Work with senior leaders to develop a risk balanced approach, define actions and implement such.
• Incident Response
• Investigate compliance breaches and monitor investigations of security incidents, ensuring root-cause analysis and corrective action.
• Support incident response activities from a privacy and regulatory perspective.

Benefits

• Benefits will include the ability to elect health care and wellness plans, dental and vision plans, flexible and virtual work options (where available), 401(k) Savings Plan with company match, paid holidays, paid time off, health savings and flexible spending accounts, reimbursement for continuing education, life insurance, and other supplemental insurance plans.