19 hours ago

Governance, Risk, and Compliance Manager

MeridianLink

Hybrid
Full Time
$145,000

Job Overview

Job Title: Governance, Risk, and Compliance Manager
Job Type: Full Time
Category: Commerce
Experience: 5 Years
Degree: Master
Offered Salary: $145,000
Location: Hybrid

Job Description

Position Summary

The Governance, Risk, and Compliance Manager will oversee the strategic direction, establishment/execution of objectives, and/or people management of the Security and Compliance function. This role will create and manage security compliance policies and procedures. The role will plan, implement, manage, monitor, and upgrade solutions to defend against cyberattacks, hacking attempts, and threats.

Expected Duties

The Governance, Risk, and Compliance Manager will be responsible for identifying, assessing, and mitigating risk. This may include establishing risk management procedures and processes to ensure adherence to policies.

  • Specializes in developing, evaluating, and implementing compliance with programs and processes to mitigate cybersecurity risk.
  • Responsible for ensuring protection of firm and allied assets and information.
  • Conducts security risk assessments, compliance, and cybersecurity audits.
  • Selects, develops, and evaluates personnel to ensure the efficient operation of the function.
  • Oversees the development, evaluation, and implementation of governance, risk compliance, and processes to mitigate cybersecurity risk and ensure the protection of company and allied assets and information.
  • Researches and interprets current and pending laws and regulations, industry standards, and customer and vendor contracts to understand and communicate compliance requirements.
  • Consults with business and technical leadership to ensure that data, processes, and technology are designed for data protection and compliance.
  • Oversees information security risk assessments and compliance audits; directs the development and operational effectiveness of IT security controls.
  • Monitors investigations and documentation of cybersecurity compliance issues and incidents.
  • Reviews information security risk findings and non-compliance with business leaders and proposes solutions to mitigate risks.

Qualifications: Knowledge, Skills, and Abilities

  • Bachelor’s degree in Information Security, Business Administration, IT, or related field.
  • 5–7 years of experience in governance, risk management, and compliance.
  • Ability to provide guidance to subordinates within the latitude of established MeridianLink policies.
  • Ability to recommend changes to policies and establish procedures that affect a section or multiple disciplines.
  • Ability to execute financials, business planning, organizational priorities, and workforce.
  • Ability to follow processes and operational policies in selecting methods and techniques for obtaining solutions.
  • Ability to develop and manage operational initiatives to deliver tactical results.
  • Interacts frequently with subordinate supervisors, customers, and/or functional peer group professionals, involving matters between sections and multiple units.
  • Responsible for impact partnering with key contacts outside own area of expertise and other external stakeholders.
  • Ability to effectively communicate and present results and recommendations across disciplines.
  • Hands-on experience with GRC platforms (RSA Archer, ServiceNow GRC, MetricStream) and risk assessment tools.
  • Experience with SOC 2 Type 2 and PCI audits.

Preferred Qualifications

  • CISA (Certified Information Systems Auditor)
  • CRISC (Certified in Risk and Information Systems Control)
  • CISM (Certified Information Security Manager)
  • CISSP (Certified Information Systems Security Professional)
  • GRCP (GRC Professional) or CGRC (Governance, Risk & Compliance Certification) for specialized GRC knowledge.

Key skills/competency

  • GRC Platforms
  • Risk Management
  • Cybersecurity Audits
  • Compliance Policies
  • Information Security
  • Data Protection
  • Incident Response
  • Regulatory Research
  • Stakeholder Engagement
  • IT Security Controls

How to Get Hired at MeridianLink

  • Research MeridianLink's culture: Study their mission, values, recent news, and employee testimonials on LinkedIn and Glassdoor.
  • Tailor your resume for GRC: Highlight your experience in governance, risk management, compliance, and cybersecurity audits.
  • Showcase GRC platform expertise: Emphasize hands-on skills with RSA Archer, ServiceNow GRC, or MetricStream.
  • Prepare for compliance discussions: Be ready to discuss SOC 2 Type 2 and PCI audit experience in detail.
  • Demonstrate leadership and communication: Illustrate your ability to guide teams and present findings to business leaders effectively.
