IT Governance, Risk, & Compliance Manager

Qualcomm, San Diego, CA
$123,200 - $184,800, Onsite

About The Position

This is an exciting opportunity to join the Offices of the CIO (OCIO) at Qualcomm. As part of the OCIO, the IT Governance, Risk, and Compliance (GRC) team’s mission is to drive IT risk management and compliance strategy, capabilities, and deliverables across the organization. Our team is seeking a seasoned IT Governance, Risk, & Compliance Manager for our San Diego, CA office. The ideal candidate will have 5–7 years of experience in IT governance, risk management, and compliance or IT audit roles. This role is critical in ensuring our IT operations identify and treat risks, meet all regulatory requirements, and comply with internal policies. The IT GRC Manager will serve as a trusted advisor to the IT leadership team, establishing a culture of strong governance, risk awareness, operational resilience, and compliance organization-wide. This position is not eligible for Qualcomm immigration sponsorship. The position requires working onsite in San Diego 5 days a week.

Requirements

  • 4+ years of Project Management-relevant work experience with a Bachelor's degree.
  • 6+ years of Project Management-relevant work experience without a Bachelor’s degree.
  • 5–7 years of hands-on experience in IT governance, risk management, and compliance or IT audit roles.
  • Strong understanding of IT general controls, risk assessment methodologies, and regulatory compliance best practices.
  • Ability to evaluate and manage risks associated with external service providers to ensure their preparedness aligns with organizational resilience and statutory requirements.
  • Proficiency in using GRC and audit management tools.
  • Strong knowledge of SOX; familiarity with ISO/IEC 27001.
  • Proficient in using ServiceNow IRM and AuditBoard
  • Excellent communication, collaboration, attention to detail, problem-solving, adaptability, leadership, integrity.

Nice To Haves

  • A Master’s degree in Information Security, Information Systems, Business Administration, or a related field is a plus.
  • Possession of at least one relevant information security or audit certification, such as CISA, CISM, or CISSP (required).
  • Familiarity with other governance, risk, and security frameworks or regulations (e.g., NIST CSF, COBIT, GDPR) is beneficial.
  • Experience in developing or maturing GRC or IT Resilience programs, as well as prior experience leading or mentoring a team in risk management or compliance initiatives.
  • Strong business acumen, with the ability to align GRC efforts to support organizational goals and improve operational resilience.
  • Experience in driving process improvements and adapting GRC strategies in response to emerging risks or changes in the business environment.

Responsibilities

  • Facilitate internal and external IT audits by working closely with auditors. Support alignment on audit scope, ensure auditors receive necessary documentation, and track audit status from initiation to completion. Manage post-audit activities, including addressing findings and implementing corrective action plans to remediate control deficiencies in a timely manner.
  • Oversee and drive compliance with relevant laws, regulations, and industry standards. Maintain up-to-date knowledge of regulations and standards such as SOX and ISO 27001, ensuring that IT policies and controls meet those requirements. Conduct regular IT risk assessments and maintain a risk register, developing mitigation strategies for identified risks, and monitoring their effectiveness.
  • Perform and document SOC report reviews to ensure critical service providers meet the organization’s operational resilience standards and regulatory compliance requirements. Address any identified risks in vendor relationships by recommending and following up on mitigation actions.
  • Perform self-assessments to ensure timely identification and remediation of issues regarding software usage. Manage the preparation of vendor audits with internal stakeholders. Facilitate the vendor audit to ensure alignment on scope and timely support of documentation requests. Manage post-audit activities including remediation in a timely manner.
  • Prepare clear and comprehensive reports for IT leadership and relevant stakeholders on the state of IT compliance, risk levels, audit outcomes, and remediation progress. Present findings and recommendations in a concise, professional manner to support informed decision-making by senior management.
  • Support the development of IT governance policies, standard operating procedures, and control documentation. Ensure all policies are aligned with best practices and regulatory requirements, communicated to all relevant personnel, and regularly reviewed for effectiveness. Promote a strong governance and compliance culture through training and awareness initiatives.
  • Utilize GRC platforms such as ServiceNow IRM and AuditBoard for tracking compliance activities, managing risk assessments, documenting controls, and monitoring the status of audits and remediation efforts. Leverage these tools to streamline workflows and improve visibility into the organization’s risk and compliance posture.
  • Work closely with cross-functional teams—including IT Operations, Information Security, Internal Audit, Finance, and Legal—to ensure a holistic approach to governance, risk, and compliance. Serve as a central point of contact for GRC matters, facilitating collaboration and consensus among stakeholders and ensuring that compliance and risk management objectives are integrated into business processes.

Benefits

  • competitive annual discretionary bonus program
  • opportunity for annual RSU grants
  • highly competitive benefits package
  • US benefits
© 2026 Teal Labs, Inc