Manager - IT Governance, Risk and Compliance

About The Position

Requirements

• Bachelor’s Degree with 5 or more years of related experience is preferred. An equivalent combination of education and/or experience will be considered.
• Advanced leadership experience in dynamic, fast paced environments.
• Advanced decision making, problem solving, and prioritization skills.
• Advanced verbal and written communication skills.
• Good interpersonal, communication and leadership skills; ability to motivate people and manage resources effectively and work with business partners to achieve goals.
• Business acumen, knowledge and professionalism; understand how a business operates with the ability to develop and articulate the value proposition of a new process.
• Functional knowledge in project management skills.
• Must be self-motivated with the ability to work independently and in a team environment.
• Knowledge of industry-standard security frameworks (e.g., NIST CSF, ISO 27001, CIS Controls) and regulatory requirements (e.g., SOX, SEC, GDPR, HIPAA, CMMC).

Nice To Haves

• Experience building an IT GRC function within a global organization.
• Experience building an IT Third-Party Risk function within a global organization.
• Industry recognized certifications such as the CRISC, CISA, CISSP, CISM, and/or CGEIT are preferred.
• Experience in the use and administrative setup of GRC software platforms (e.g., Vanta, ServiceNow GRC).

Responsibilities

• Develop and maintain the Cybersecurity GRC framework, policies, standards, and procedures in alignment with regulatory requirements (e.g., ISO 27001, NIST CSF, Cyber Essentials +, SOC 2, GDPR, CMMC Level 2,3)
• Develop, maintain, and socialize IT and cybersecurity policies, standards, and procedures across the organization.
• Oversee risk mitigation and the IT risk register, lead risk assessments.
• Develop, and oversee IT control effectiveness.
• Experience with IT Control design review and validation.
• Coordinate internal and external cybersecurity audits and assessments, tracking findings through remediation.
• Oversee customer assessments and questionnaires.
• Build, coordinate and oversee Third-Party risk management
• Lead the execution of the multi-year GRC Program roadmap, tracking and reporting on key performance indicators (KPIs) and key risk indicators (KRIs) to executive leadership.
• Drive continuous improvement in security controls and GRC processes by implementing best practices and automating controls where feasible.
• Responsible to exemplify and hold their team accountable to demonstrating the Plexus Core Values.
• Leader will focus on evaluating potential, driving succession planning, and ensuring their employees receive the development and coaching required to realize their full potential.
• All GT leaders are accountable for upholding the organization's cybersecurity posture by adhering to security policies and procedures, actively participating in training, protecting data and systems, actively identifying and mitigating vulnerabilities, and promptly reporting any suspicious activity or potential security incidents.

Benefits

• medical, dental, and vision insurance
• paid time off
• retirement savings
• opportunities for professional development
• work-life balance
• variety of perks to enhance the team member experience