Senior Manager GRC

The Senior Manager of GRC provides strategic leadership and operational oversight for the Governance, Risk & Compliance function within Tolling Operations at (client). This position is responsible for directing and coordinating risk management initiatives, internal governance structures, and compliance programs. This position is also responsible for developing and managing GRC frameworks, overseeing key regulatory compliance programs (including PCI DSS, SOC 1 and SOC 2), conducting vendor risk and third-party assessments, and ensuring alignment with industry standards such as ISO 27001 and NIST. This role ensures alignment of GRC strategies with county-wide objectives, regulatory requirements, and industry best practices, while fostering a culture of integrity, risk awareness, and operational resilience.

Provide executive oversight of Governance, Risk & Compliance programs including policy governance, enterprise risk management, compliance frameworks, and change initiatives. Direct and support the activities of the Manager of Governance, Manager of Risk & Compliance, and Manager of Change Management to ensure program integration, continuity, and effectiveness. Ensure compliance with data security and assurance standards including PCI DSS, SOC 1, and SOC 2 by developing and maintaining relevant policies, controls, and audits. Develop and maintain a comprehensive risk assessment and mitigation strategy for the HCTRA s Tolling Operations. Oversee the third-party risk management (TPRM) program, conducting vendor due diligence, security assessments, and contract reviews to ensure appropriate risk controls are in place. Collaborate with internal departments and external partners to improve operational governance and risk posture. Lead strategic planning and reporting related to GRC objectives and performance metrics. Support training, communication, and awareness programs to cultivate a risk-informed organizational culture. Participate in audit and incident response processes to ensure transparency and appropriate mitigation.

Expert knowledge of compliance and assurance frameworks including PCI DSS, SOC 1, and SOC 2 reporting requirements. Extensive knowledge of risk management, compliance regulations, governance models, and change management frameworks. Strong understanding of IT controls, data protection policies, and third-party risk. Proven leadership and people management skills in cross-functional environments. Excellent analytical, communication, and strategic planning skills with the ability to translate complex security and compliance issues into business-relevant language. Deep understanding of public sector regulatory environments and operations. Ability to build cross-functional relationships and lead multi-departmental initiatives.