This is a Contract-to-Hire position
Wright Technical Services is proud to represent a Fortune 500 Global Manufacturer and Industry Leader for this position. The Manager, IT Governance, Risk and Compliance (GRC) oversees the development, implementation, and management of our IT governance, risk, and compliance program. This role is responsible for ensuring that the IT organization adheres to applicable laws, regulations, internal policies and best practices while identifying, assessing, and mitigating IT risks. The ideal candidate will have a deep understanding of regulatory frameworks, risk management methodologies, and compliance standards to help shape the organization’s IT risk posture and governance policies.
The Manager, IT GRC is the "process owner" for all IT-related risk assessment and identification activities, support of applicable IT controls audits, IT compliance programs, and IT policy, standard and procedure management. The ideal candidate for this position is a proven thought leader, problem solver, and integrator of people and processes. They must possess solid domain competencies in IT-GRC-related disciplines, including security, governance, risk management and compliance. This role requires significant coordination, prioritization and communication skills and solid business process knowledge.
Qualifications
- Minimum of a Bachelor’s degree in Information Technology, Cybersecurity, Business, or related field is required.
- Minimum of 5 years of experience in IT GRC, IT Risk Management, and compliance (additional experience across security, privacy, compliance, and business continuity preferred).
- Minimum of 3 years of experience in a leadership position.
- Relevant industry certifications are highly preferred: CISSP, CISA, CRISC, CISM, CGEIT.
- Experience with GRC tools and platforms such as Archer, OneTrust, or ServiceNow GRC.
- Strong knowledge of relevant laws, regulations, and industry standards, e.g., SOX, GDPR, ISO 27001, NIST, CMMC, ITAR, etc.
- Experience working in Global Manufacturing is highly preferred.
Knowledge:
- Strong understanding of IT systems, networks, and security controls.
- Experience working with internal and external auditors to ensure compliance with regulations and standards.
- Experience conducting risk assessments, internal/external audits, vendor security assessment, completing customer assessments and questionnaires and implementing compliance frameworks.
- Experience with cloud security and compliance frameworks related to cloud service providers.
Competencies:
- Strong analytical and problem-solving skills to assess risks and recommend controls.
- Excellent communication and collaboration with IT and business stakeholders at all levels.
- Proven project management skills, leading cross-functional teams and managing multiple GRC initiatives.
- Effective presentation skills for both technical and non-technical audiences.
- High attention to detail in navigating complex regulatory environments.
- Strong leadership and team-building, fostering collaboration and accountability.
- High personal integrity in handling sensitive matters with professionalism.
- Self-driven, dependable, and able to work with minimal supervision.
Description
- Develop, implement, maintain and optimize IT GRC program in collaboration with senior cyber and info security leadership.
- Provide oversight and guidance to IT teams and business units to ensure compliance with relevant laws and regulations, as well as internal policies and standards.
- Conduct risk assessments, identify gaps, and recommend controls to mitigate IT and third-party-related risks.
- Conduct security framework assessments, e.g., NIST CSF assessments.
- Collaborate with IT and business stakeholders to ensure that IT systems and processes meet business needs while maintaining compliance with regulations and internal policies.
- Keep up to date with changes to laws, regulations, and industry standards related to IT GRC and communicate the impact of these changes to relevant stakeholders.
- Oversee compliance efforts, including audits, certifications, and assessments related to IT security and other regulatory requirements (e.g., SOX, GDPR, CMMC, HIPAA, PCI-DSS, Statutory).
- Coordinate and manage IT audit processes, including responding to auditors, gathering evidence, and managing audit findings, in close collaboration with internal and external auditors.
- Track and follow up on deficiencies identified in monitoring reviews, self-assessments, automated assessments, and internal and external audits to ensure that appropriate remediation measures have been taken.
- Lead and manage a team of GRC professionals, providing guidance, mentorship, and professional development opportunities.
- Establish and track KPIs and metrics to report on the effectiveness of GRC programs to senior leadership.
- Implement risk management tools and processes to continuously assess the IT environment and mitigate identified risks.
- Benchmark the GRC management practices of other companies — particularly those in related industries or with similar business models — and maintain an up-to-date understanding of industry best practices.
- Act as GRC liaison with all levels of the IT organization and with the lines of business and other internal departments and organizations.
- Other duties as assigned.
Eligibility: All applicants currently authorized to live and work in the United States on a permanent basis are welcome to apply. Must be currently residing in the US. Sponsorship is not available for this position.
Wright Technical Services and our client are Equal Opportunity Employers. We celebrate diversity and are committed to creating an inclusive environment for all employees. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.