
GRC Lead (Manager) – remote

Remote, USA

Contract

Posted 05/08/2025

Job Description

Seeking a strategic and experienced GRC (Governance, Risk, and Compliance) Manager for a 6-month remote contract to provide leadership and direction for key security programs. This critical role will be responsible for developing program roadmaps, defining and reporting on key metrics, and driving the implementation of controls and activities within these programs.

 

  • Remote – potential onsite visit for onboarding in Denver, CO or Washington, DC
  • Citizenship Requirements: Must be eligible to work remotely in the US

 

Role Description:

The ideal candidate will be a thought leader in GRC, possess strong process ownership skills, and have expert knowledge of compliance automation platforms such as Drata or Vanta. This position will be primarily remote, but will require an initial onsite visit for onboarding in either the Denver, Colorado or Washington D.C. metropolitan area.

 

Responsibilities:

  • GRC Program Leadership and Strategy:
    • Provide thought leadership and direction, and evangelize the importance of GRC programs across the organization remotely.
    • Oversee the development of the programs’ roadmap, aligning with business objectives and regulatory requirements.
    • Define and report on metrics for roadmap milestones, including the implementation of controls, development of metrics, and planning, driving, and ensuring completion of key activities within these programs.
  • Process Ownership:
    • Serve as the process owner for the following critical security programs:
      • Third Party Security Risk Management: Developing, implementing, and maintaining processes for assessing and mitigating security risks associated with third-party vendors and partners.
      • Data Loss Prevention (DLP): Establishing and managing policies, procedures, and technologies to prevent sensitive data from leaving authorized control.
      • Security Awareness & Training: Developing and overseeing comprehensive security awareness and training programs for employees to foster a security-conscious culture.
      • Policy & Maintenance Programs Administration: Creating, maintaining, and administering security policies, standards, and guidelines, ensuring they are up-to-date and effectively communicated.
  • Metrics and Reporting:
    • Define key performance indicators (KPIs) and metrics to track the progress and effectiveness of the GRC programs.
    • Develop and deliver regular reports on program status, milestones, and identified risks to relevant stakeholders remotely.
  • Control Implementation and Oversight:
    • Oversee the implementation and maintenance of security controls across the programs to ensure compliance and mitigate risks.
    • Work collaboratively with various teams to embed security controls into relevant processes and workflows.
  • Compliance Automation Platform Expertise:
    • Leverage expert knowledge of Drata or Vanta to automate compliance processes, manage evidence collection, and streamline audits.
    • Utilize the platform to generate reports, track compliance against frameworks, and manage security controls effectively.
  • Collaboration and Communication:
    • Collaborate effectively with cross-functional teams, including Legal, IT, and Business units, to ensure alignment on GRC initiatives remotely.
    • Communicate clearly and effectively on GRC matters to various audiences, including executive leadership, through virtual meetings, presentations, and written documentation.
  • Onboarding:
    • Be available for an initial onsite visit for onboarding purposes in either the Denver, Colorado or Washington D.C. metropolitan area (travel and accommodation expenses will be [specify if reimbursed or covered by the company]).

 

Required Qualifications:

  • Minimum of 5-7 years of progressive experience in Governance, Risk, and Compliance (GRC) roles.
  • Proven experience in developing and managing GRC programs and roadmaps.
  • Strong understanding of relevant security frameworks and regulations (e.g., SOC 2, ISO 27001, GDPR, CCPA).
  • Demonstrated experience as a process owner for key security programs such as Third Party Risk Management, DLP, Security Awareness, and Policy Management.
  • Expert-level knowledge and hands-on experience with either Drata or Vanta.
  • Excellent remote communication, presentation, and interpersonal skills.
  • Strong analytical and problem-solving abilities.
  • Ability to work independently and collaboratively in a remote environment.
  • Willingness and ability to travel to either the Denver, Colorado or Washington D.C. metropolitan area for an initial onboarding.

 

Preferred Qualifications:

  • Relevant certifications such as CISA, CISM, CRISC, or CISSP.
  • Experience with other GRC tools and technologies.
  • Experience working in a fast-paced and dynamic environment.

Job ID:

1025143
