GRC LEAD

JOB DESCRIPTION

POSITION: GRC LEAD
DURATION: Long term
Remote

Job Description

Roles & Responsibilities

Governance

• Develop & implement governance frameworks, ensuring alignment with organizational goals, business strategies, & compliance mandates.
• Provide leadership in establishing and improving corporate governance structures, policies, and processes.
• Collaborate with executive leadership to embed a risk-aware culture across the organization.

Risk Management

• Identify, assess, and monitor organizational risks, including operational, financial, reputational, and IT risks.
• Establish and maintain a comprehensive enterprise risk management (ERM) program.
• Lead the periodic risk assessments and mitigation strategies across business units.
• Advise leadership on emerging risks, providing actionable insights to minimize potential impact.

Compliance

• Ensure organization complies with all relevant regulations (e.g., SOX, GDPR, HIPAA, PCI-DSS) & internal policies.
• Oversee internal and external audits and regulatory inspections, managing relationships with auditors and regulators.
• Develop and maintain the company’s compliance policies and ensure alignment with industry best practices.

Controls & Process Improvement

• Design and implement effective internal control systems to mitigate risks.
• Regularly review and improve business processes to ensure efficiency, effectiveness, and compliance with standards.
• Lead incident management & response, ensuring timely resolution & learning from compliance or security breaches.

Leadership & Stakeholder Engagement

• Work closely with C-suite executives to integrate GRC initiatives into the company’s overall strategy.
• Engage with business units to promote understanding of governance, risk, and compliance responsibilities.
• Manage and mentor a team of GRC professionals, providing leadership and ensuring professional growth.

Reporting

• Provide regular risk and compliance reports to the board, audit committees, and senior leadership.
• Develop KPIs and metrics to track the effectiveness of GRC initiatives and ensure continuous improvement.

Technology & Tools

• Stay updated with evolving GRC tools and technologies, ensuring the organization uses the latest solutions for risk management, audit trails, and compliance reporting.
• Lead the implementation of GRC platforms and ensure integration with other business systems for holistic risk management.

Qualifications & Skills

• Bachelor’s degree in Information Security, Finance, Law, or a related field (Master’s degree preferred).
• 10+ years of relevant experience in Governance, Risk, and Compliance, with a strong background in risk management, internal audits, and regulatory compliance.
• Proven leadership experience in managing GRC teams and cross-functional projects.
• Expertise in relevant regulatory frameworks and standards (e.g., SOX, GDPR, HIPAA, ISO 27001, PCI-DSS).
• Strong understanding of enterprise risk management (ERM) frameworks.
• Exceptional problem-solving and decision-making skills, with the ability to communicate complex ideas to both technical and non-technical stakeholders.
• Experience with GRC platforms and tools, such as RSA Archer, ServiceNow GRC, MetricStream, or equivalent.
• Certifications such as CISSP, CISM, CISA, CRISC, or equivalent are highly desirable.

Key Competencies:

• Strategic thinker with the ability to align GRC initiatives to business goals.
• Exceptional communication and presentation skills, with experience working at the C-suite level.
• Strong leadership, influencing, and people management skills.
• Highly analytical and detail-oriented with a proactive approach to risk and compliance challenges.
• Ability to navigate complex regulatory landscapes and manage multiple stakeholders.