What are the responsibilities and job description for the Governance, Risk, and Compliance Manager (27235) position at Dahl Consulting?
Governance, Risk, and Compliance (GRC) Manager
Location: St. Paul, MN (Corporate Office)
Reports to: Director of Infrastructure and Cybersecurity Services
Direct Reports: None
Travel: Up to 10% within N. America
Job Type: 6-month Contract-to-Hire
Salary: $110k – $150k per year
Job Overview
The GRC Manager will lead the development, implementation, and management of the IT governance framework. This role ensures alignment between IT operations and business goals, adheres to regulatory standards, and mitigates risks related to information security, data privacy, and business continuity. You will work closely with internal and external stakeholders, providing guidance on IT policies and controls to protect critical assets and optimize processes.
Key Responsibilities:
- Governance Framework Development: Design and maintain IT governance frameworks (COBIT, ITIL, ISO 27001) aligned with business and industry standards.
- Risk Management: Identify, assess, and mitigate risks related to information security, system availability, and data privacy.
- Policy Enforcement & Compliance: Monitor adherence to regulatory requirements (e.g., GDPR, HIPAA, SOX) and ensure policies are up to date.
- Audit Coordination & Reporting: Facilitate IT audits, identify control gaps, and report governance and compliance metrics to senior management.
- Control Monitoring: Implement key controls and performance indicators to assess IT effectiveness and risk exposure.
- Project Management: Lead compliance-related project planning, tracking, and resource management.
- Stakeholder Engagement: Collaborate with business, legal, and risk teams to align IT governance with corporate governance.
- Incident Response & Management: Oversee incident management, including post-incident reviews to enhance control effectiveness.
- Training & Awareness: Develop training programs to enhance staff awareness of IT governance, risk, and compliance.
- Vendor & Contractor Management: Conduct vendor risk assessments, manage service agreements, and ensure compliance.
- Reporting & Documentation: Maintain detailed records of compliance activities and regularly update senior management.
Qualifications:
- Bachelor's degree
- 5 years of experience in IT governance, risk management, or audit-related roles.
- Preferred certifications: CISA, CGEIT, CRISC, COBIT.
- Strong knowledge of IT governance frameworks, risk management practices, and regulatory compliance.
- Experience with IT audits, control assessments, and compliance reporting.
- Knowledge of industry standards such as COBIT, ITIL, ISO, and NIST.