Manager, GRC

About The Position

Requirements

• Bachelor of Science in Computer Science, Information Technology, Risk Management, Legal Studies, Business, or a related field required.
• Industry certification required (e.g., CISA, CRISC, CISSP, or equivalent).
• Minimum of five (5) years' experience in GRC, audit, risk management, or compliance leadership roles required.
• Strong understanding of risk frameworks (e.g., NIST CSF, NIST 800-171, ISO 27001, SOC 2).
• Direct experience managing regulatory requirements such as PCI-DSS, DFARS, and HIPAA.
• Demonstrated ability to manage cross-functional projects and compliance initiatives.
• Excellent communication and documentation skills, including presenting to executives and auditors.
• Experience managing and maintaining GRC platforms or compliance tracking systems.
• Familiarity with legal hold, third-party risk, and incident response documentation processes.
• Experience with business continuity and incident response procedures aligned with Federal and State laws and regulations.
• Ability to lead with strategic vision while executing day-to-day operational details.
• Excellent organizational and time management skills with the ability to manage multiple priorities.
• Strong critical thinking, negotiation, and interpersonal skills.
• High integrity and ability to handle confidential or sensitive information appropriately.
• Applicants must be currently authorized to work in the US for any employer.
• Ziply Fiber requires a pre-employment background check as conditions of employment.
• Ziply Fiber may require a pre-employment drug screening.
• Ziply Fiber is a drug free workplace.

Responsibilities

• Lead and manage the GRC team, ensuring clear direction, motivation, and support.
• Recruit, train, and retain skilled professionals in governance, risk, and compliance.
• Set performance objectives, conduct regular evaluations, and provide constructive feedback.
• Leads initiatives that support vendor risk oversight, internal policy enforcement, legal hold coordination, and audit readiness.
• Drives operationalization of Ziply's compliance commitments and serves as the key liaison to auditors and regulators.
• Own and lead the full lifecycle of policy development, executive approval, publication, and cross functional enforcement across business units.
• Drive alignment with critical frameworks (NIST 800-171, PCI-DSS) and maintain compliance with all applicable state and federal regulations.
• Heads the audit process, leads internal and external audit readiness and response efforts, overseeing control testing, evidence collection, remediation, and closeout reporting.
• Manage and maintain the enterprise risk register; drive mitigation planning, track issue resolution, and escalate emerging threats to senior leadership.
• Oversee third-party risk management, including vendor assessments, compliance attestations, contractual risk reviews, and annual reassessments.
• Serve as GRC lead for M&A activities-conducting due diligence, identifying control gaps in acquired entities, and ensuring compliance integration post-close.
• Own the business continuity and disaster recovery (BC/DR) governance program; oversee planning, documentation, testing, and incident response readiness across business units.
• Coordinate legal hold and regulatory inquiry response efforts, ensuring proper documentation handling and defensibility of enterprise actions.
• Produce and deliver executive-level reports on risk trends, control maturity, audit findings, and overall compliance posture.
• Lead stakeholder collaboration initiatives to drive policy adherence and embed compliance into day-to-day operations.
• Establishes company compliance program policies and processes and creates awareness and training programs tailored to business function and risk profile.
• Reviews company marketing materials to ensure they remain in compliance.
• Lead a team of GRC analysts; oversee their risk assessments, remediation plans, documentation efforts, and audit support.
• Partner cross-functionally with Legal, Security, IT, and Operations to enforce unified and consistent governance and compliance practices.
• Own and drive continuous improvement of compliance maturity, business continuity readiness, and risk visibility across the organization.
• Manage and maintain GRC platforms or compliance tracking systems.
• Performs other duties as required to support the business and evolving organization.

Benefits

• Comprehensive health benefits include - medical, dental, vision, 401k, flexible spending account, paid sick leave and paid time off, parental leave, quarterly performance bonus, training, career growth and education reimbursement programs.