GRC Manager

About The Position

Requirements

• 5+ years of experience in Governance, Risk, and Compliance (GRC), information security, or compliance-focused roles.
• Deep knowledge of major cybersecurity and risk frameworks, including SOC 2, ISO 27001, and NIST CSF.
• Proven experience leading compliance certifications from framework selection through successful external audit.
• Strong project management skills with the ability to influence and coordinate cross-functional technical and non-technical teams.
• Excellent communication skills, with the ability to translate complex technical requirements into clear business guidance.

Nice To Haves

• Relevant industry certifications such as CISSP, CISA, CISM, or similar.

Responsibilities

• Research, evaluate, and recommend the most appropriate cybersecurity compliance framework(s) (e.g., SOC 2, ISO 27001, NIST CSF) based on business needs, customer requirements, and industry standards.
• Lead end-to-end compliance initiatives, including framework selection, gap assessments, remediation planning, policy and procedure development, and cross-functional coordination.
• Design, implement, and manage an ongoing internal audit and control monitoring program to assess compliance effectiveness.
• Serve as the primary point of contact for external auditors, assessors, and certification bodies throughout the audit lifecycle.
• Maintain compliance documentation, audit evidence repositories, and traceable audit trails.
• Track regulatory changes, evolving standards, and emerging risks to ensure the compliance program remains current and effective.
• Develop and deliver compliance status updates, risk assessments, and key metrics to leadership and stakeholders.
• Drive continuous improvement of governance, risk, and compliance processes.

Benefits

• Annual bonus program
• Paid time off
• Health, dental, vision, and life insurance
• 401(k)-retirement plan
• Night and swing shift differential pay for select roles