Governance, Risk & Compliance Manager

F & I Sentinel Llc•Dallas, TX

12h•$70,000 - $100,000•Remote

About The Position

The GRC Manager will operate at the intersection of Legal, IT, Security, and Business Operations, serving as a central point of coordination for governance, risk, and compliance initiatives across the organization. The Governance, Risk & Compliance Manager will work closely with Corporate Counsel to align compliance strategy with regulatory obligations and legal risk considerations. The GRC Manager partners heavily with IT and Information Security teams to translate technical controls and security frameworks into business-aligned processes and documentation. Collaboration with Product and Engineering may be required to ensure that data handling, system controls, and security practices align with compliance requirements. In addition, the position supports client-facing teams including Sales, Account Management, and Customer Success by responding to due diligence requests, security questionnaires, and audit inquiries, helping to build trust with lender clients and external stakeholders. The role will also coordinate with Operations and Data functions, to support data quality auditing and integrity initiatives. Externally, the GRC Manager will interact with third-party auditors, vendors, and client stakeholders to support audits, vendor risk management, and compliance assurance activities. THE OPPORTUNITY: The GRC Manager will mature and scale the company’s GRC capabilities during a period of growth. This role offers the opportunity to build structure, drive process improvements, and enhance the company’s compliance posture in a highly regulated environment. The position plays a critical role in establishing and maintaining audit readiness (including SOC 2 Type II), strengthening vendor risk management practices, and improving the efficiency and quality of client-facing due diligence responses. The individual will help translate evolving regulatory and security requirements into actionable, business-aligned controls that support both internal operations and external trust. This is a highly cross-functional and visible role with the opportunity to influence how compliance, risk, and security practices are operationalized across the organization. The ideal candidate will bring both strategic thinking and hands-on execution, helping F&I Sentinel continue to build credibility with financial institution partners while supporting scalable, sustainable growth.

Requirements

3–6+ years of professional working experience
Hands-on experience with SOC 2 audits, either managing or as a key contributor
Working knowledge of security frameworks such as NIST CSF, ISO 27001, FTC Safeguards Rule, or similar
Proven ability to draft and manage security questionnaire responses for enterprise clients
Strong written communication skills - you will be writing client-facing materials that reflect the company's professionalism
Ability to operate independently, manage multiple workstreams, and escalate appropriately
Comfort working in a fully remote environment with a distributed team
Ownership mindset: takes full accountability for outcomes, follows through, and proactively addresses gaps
Detail-oriented and quality-driven: maintains high standards for documentation, accuracy, and audit readiness
Sound judgment and discretion: handles sensitive security and compliance information appropriately
Strong written communicator: translates complex technical and regulatory concepts into clear, client-ready language
Cross-functional collaborator: builds trust and works effectively across Legal, IT, Security, and business teams
Process-oriented and disciplined: creates repeatable, scalable workflows and continuously improves them
Risk-aware and pragmatic: balances regulatory requirements with business practicality and speed
Self-directed and organized: manages multiple priorities independently in a remote environment
Continuous learner: stays current on evolving regulations, frameworks, and industry best practices
Problem-solver: identifies root causes, proposes solutions, and drives issues to resolution
Client-focused: understands the importance of external trust and represents the company professionally in due diligence interactions
Adaptable and resilient: operates effectively in a growing, evolving organization with shifting priorities.

Nice To Haves

Experience in fintech, insurtech, automotive finance, or another regulated industry
Familiarity with F&I (Finance & Insurance) products or the automotive dealer ecosystem is a strong plus
Exposure to vendor/third-party risk management programs
Understanding of basic data privacy requirements (CCPA, state privacy laws)
Experience with data quality analysis and reporting tools
Bachelor's degree in Information Systems, Business, Accounting, Risk Management, or a related field; relevant certifications such as CISA, CRISC, or GRCP are a plus

Responsibilities

Drive SOC 2 Type II audit readiness end-to-end: evidence collection, auditor coordination, and remediation tracking
Execute internal audit procedures across operations for accuracy, completeness, and compliance
Document audit findings, develop corrective action plans, and track remediation to closure
Maintain GRC documentation including control narratives, procedures, and supporting artifacts for continuous audit readiness
Support BCP, DR, and IR programs, including tabletop exercises and plan testing
Own and optimize the end-to-end Due Diligence Questionnaire (DDQ) response workflow, drafting, reviewing, and delivering responses to security questionnaires, Request For Proposals (RFP), and vendor assessments that build trust with lender clients
Partner with IT, infosec, operations, and leadership to serve as the liaison between technical teams and client-facing engagements
Exercise sound judgment in determining how to frame sensitive topics and how to present the company’s security posture accurately
Develop efficiencies through process improvements, implementation of automation and tools, and standardizing responses
Manage and continuously improve the vendor risk program, maintaining a current inventory of third-party providers with data access or critical dependencies
Apply and refine risk tiering based on data sensitivity, business impact, and regulatory exposure
Conduct periodic reviews of critical and high-risk vendors; track remediation of findings and ensure contractual compliance
Maintain vendor risk documentation that supports audit readiness and DDQ responses
Assist in maintaining the risk register; identify emerging risks and document mitigating controls
Assist with risk assessments; operationalize mitigation strategies and validate controls
Partner with the Data Analyst to define data quality audit criteria and compliance-focused reporting requirements
Review data quality results for accuracy and completeness; identify and escalate data integrity issues
Design data checks and guardrails that ensure operational data integrity across products