About The Position

The GRC Lead is a key member of the IT Security team, responsible for leading the strategy, development, and implementation of WinCo Foods’ cybersecurity Governance, Risk, and Compliance (GRC) program. This role owns the evolution of GRC to drive enterprise risk visibility, ensure regulatory alignment, and measure security maturity. This position blends governance leadership with technical depth, ensuring GRC platforms, processes, and controls deliver meaningful business value and support enterprise security objectives. The GRC Lead will support executive and business leadership with clear, practical risk insight that helps inform prioritization, investment decisions, and risk acceptance across the enterprise.

Requirements

  • Bachelor’s degree in Information Technology, Cybersecurity, Risk Management, or a related field, or demonstrated equivalent experience.
  • At least 6 years of Governance, Risk and Compliance and/or Cyber Security experience.
  • Experience leading or engineering enterprise GRC or Risk Quantification platforms.
  • Strong knowledge of cybersecurity frameworks, regulatory requirements, and risk management methodologies.
  • Ability to communicate risk clearly to both technical and non-technical audiences.
  • Demonstrated leadership in cross-functional initiatives.
  • Strong communication and relationship skills, with the ability to articulate complex technical concepts to non-technical stakeholders.
  • Demonstrates a strong, well-rounded understanding of core IT Security domains, and the tools and technologies used within each area.

Nice To Haves

  • Retail grocery or PCI-regulated environment experience.
  • GRC or Risk Quantification certifications.
  • Vendor certifications in GRC-related solutions.
  • Professional certifications such as CISSP, CISM, CISA, CRISC, or similar.

Responsibilities

  • Establish and maintain the enterprise GRC charter, scope, and overall operating model.
  • Develop and maintain security policies, standards, and procedures aligned with business objectives and regulatory requirements.
  • Establish governance processes to ensure security requirements are incorporated into new systems, projects, and technology deployments prior to go-live.
  • Promote a culture of compliance, risk awareness, and accountability across IT and business functions.
  • Provide regular updates on risk posture, compliance status, and program maturity to IT and Security leadership.
  • Integrate other cybersecurity areas into the GRC Program such as Vulnerability Management, Disaster Recovery, Business Continuity, Penetration Testing, Third-Party Risk Management, etc.
  • Lead the design, configuration, and optimization of the organization’s GRC platform(s).
  • Develop scalable workflows for risk assessments, control management, audit tracking, and compliance reporting.
  • Integrate GRC tooling with security platforms and enterprise systems to automate evidence collection and improve efficiency.
  • Develop dashboards, analytics, and reporting capabilities to provide visibility into cybersecurity posture and risk trends.
  • Continuously evaluate and enhance the GRC architecture to align with evolving regulatory requirements and business needs.
  • Engage with vendors to improve platform capabilities and ensure solutions meet organizational requirements.
  • Ensure GRC tooling and reporting capabilities support executive decision-making, prioritization, and risk transparency across the enterprise.
  • Align controls with applicable frameworks and regulatory requirements (PCI-DSS, NIST CSF, CIS Controls, FAIR-CAM, etc.) and track compliance/maturity over time.
  • Lead coordination of internal and external audits, including evidence collection, control validation, and remediation tracking.
  • Monitor retail and adjacent industry risk trends to identify emerging threats and control gaps.
  • Provide governance oversight to ensure audit findings and regulatory developments are reflected in enterprise
  • Build and maintain a centralized enterprise and cyber risk register.
  • Define and apply a consistent risk taxonomy and assessment approach.
  • Evolve risk assessments from basic qualitative scoring to scenario-based analysis.
  • Support leadership in evaluating risk trade-offs, including investment decisions, operational impact, and defined risk tolerance.
  • Translate risk information into something leadership can utilize in decision making, including clear trade-offs between risk reduction, operational impact, and cost.
  • Provide structured risk insight to inform strategic planning and prioritization across the Security organization.
  • Incorporate relevant industry breach patterns and threat developments into scenario-based risk discussions to ensure risk assessments reflect current conditions.

Benefits

  • Our benefits, including top-tier medical plans and tuition support, set us apart.
© 2024 Teal Labs, Inc