Senior Manager, Governance, Risk & Compliance (GRC)

Jostens Learning, Minneapolis, MN
$144,500 - $176,500

About The Position

As the Senior Manager, Governance, Risk & Compliance (GRC), you will lead the enterprise-wide GRC program, overseeing policy management, security risk processes, third-party risk, and compliance with critical regulatory frameworks such as PCI DSS, SOX ITGC, and SOC 2. This role is both strategic and hands-on, requiring strong leadership, deep security expertise, and executive-level communication. You'll collaborate cross-functionally with teams in IT, Legal, Audit, and business units to reduce risk, strengthen security posture, and ensure compliance across global operations.

Requirements

  • Education: Bachelor's degree in Information Security, Computer Science, or related field required.
  • Experience: 8+ years of progressive Information Security experience, with at least 5 years in GRC-focused leadership roles.
  • Team Leadership: Proven experience managing and mentoring security teams (3-5 direct reports, contractors, or consultants).
  • Policy Management: Demonstrated ability to manage the full policy lifecycle (development, approval, publication, communication, and adoption).
  • Risk Management: Direct experience with enterprise risk management programs, risk registry ownership, and risk reporting to executives.
  • Control Assurance: Experience establishing and operating continuous control monitoring and assurance processes that validate both control design and operating effectiveness.
  • Compliance: Hands-on leadership of PCI DSS Level 1, SOX ITGC, and SOC 2 (Type 1 and Type 2) programs, including audit readiness and evidence management.
  • Framework Knowledge: Strong knowledge of ISO 27001/27002, NIST CSF, and other security and risk frameworks.
  • Third-Party Risk: Practical experience with third-party/vendor risk management and platforms such as OneTrust.
  • Contract Review: Experience reviewing and negotiating security and privacy clauses in vendor and customer contracts, in partnership with Legal and Procurement.
  • Business Continuity: Familiarity with backup immutability, disaster recovery, and business continuity testing as part of compliance and risk assurance.
  • Executive Reporting: Skilled at translating technical risks and control health into executive- and board-level reporting (KRIs/KPIs, risk heat maps, dashboards).
  • Program Management: Strong ability to manage multiple projects, priorities, and compliance obligations simultaneously.
  • Certifications: Relevant certifications such as CISSP, CISM, CISA, CRISC, PCI ISA, or equivalent.
  • Communication: Exceptional ability to influence, present, and communicate risk concepts to both technical and non-technical stakeholders, including senior executives.

Nice To Haves

  • Industry Knowledge: Experience in manufacturing and/or retail industries.
  • Privacy: Knowledge of privacy compliance requirements (CCPA/CPRA, GDPR) and alignment of security with privacy programs.
  • Cloud/SaaS Security: Familiarity with SaaS and cloud platforms (AWS, M365, Salesforce, Snowflake).
  • GRC Tools: Hands-on experience with enterprise GRC platforms such as ZenGRC or OneTrust.
  • Emerging Tech: Awareness of AI governance, cloud security posture management, and OT/IoT security frameworks.
  • Continuous Improvement: Experience in maturing security programs using industry frameworks such as NIST CSF maturity models.

Responsibilities

  • Lead the Enterprise GRC Program. Oversee information security policy development, control monitoring, and compliance initiatives across the organization.
  • Own the Policy Lifecycle. Manage the creation, review, approval, and communication of security policies, ensuring adoption and alignment with frameworks.
  • Drive Cybersecurity Strategy. Align security initiatives with organizational objectives, regulatory requirements, and executive priorities.
  • Manage the Risk Registry. Lead risk identification, scoring, treatment planning, and ongoing tracking in collaboration with business and IT stakeholders.
  • Advance Third-Party Risk Management. Conduct vendor due diligence, assess ongoing risk, and ensure contract language meets security/privacy standards.
  • Coordinate Compliance Programs. Lead audit readiness and evidence management for PCI DSS Level 1, SOC 2, and SOX ITGC audits.
  • Oversee GRC Platforms. Manage tools like ZenGRC to automate control workflows, risk tracking, and policy approvals.
  • Deliver Executive Reporting. Provide leadership and Board-level reporting using dashboards, metrics, KRIs, and business impact narratives.
  • Lead Security Awareness Programs. Oversee company-wide and targeted training programs, and champion a culture of security awareness.
  • Collaborate Cross-Functionally. Serve as a bridge between Legal, Audit, Engineering, IAM, and Security Operations, ensuring alignment and accountability.
  • Support Emerging Risk Areas. Contribute to governance programs related to AI, cloud security posture, OT/IoT, and business continuity.
  • Supervise & Develop Talent. Lead a GRC team based in the Dominican Republic, fostering professional growth and aligning resources to strategic goals.

Benefits

  • Competitive healthcare (health, dental, and vision coverage), in addition to voluntary benefits including home and car insurance, pet insurance, and a flexible spending account.
  • 401(k) plan with immediate vesting.
  • Hybrid schedule with on-site work 3 days a week.
  • Accrued paid time off and company paid holidays.
  • Tuition reimbursement after 6 months of service.
  • Salary range of $144,500 - $176,500 with annual 20% bonus eligibility.
© 2024 Teal Labs, Inc