Governance, Risk, Compliance (GRC) Manager

The role:

The Governance, Risk, Compliance Manager (GRC) is responsible for the creation, maintenance, monitoring and iteration of the GRC requirements of the entire Global Security & Investigations team. The team consists of the Physical Security Team, the Internal Investigations Team and the Executive Protection Team. Key areas of responsibility include: all governance, risk, compliance, issue management, business impact analysis, business controls testing, audit and regulatory engagement, business continuity, and RCSA. This role reports directly to the Head of Global Security & Investigations and will work closely with leaders across the enterprise. This role has the potential to grow into a larger scope, assisting senior members of the Legal Team with their GRC requirements.

What You’ll Do:

• Create and maintain Physical Security, Internal Investigations, Executive Protection policies, standards, procedures and process documents.
• Manage all audit, regulatory requirements and interactions for Physical Security and Internal Investigations.
• Assist the Head of Global Security & Investigations in the development, implementation and supervision of operational, strategic and tactical planning.
• Manage all operation risk management requirements for all teams.
• Ensure adherence to legal, regulatory, and internal company standards, including data privacy and protective intelligence requirements.
• Evaluate security risks posed by vendors and contractors.
• Create and manage risk registers, tracking, and reporting for security, executives, and corporate leadership.
• Own the issue management process for the entire Global Security & Investigation Team.
• Collaborate with Business Controls Testing to ensure all controls are operating effectively.
• Partner and work closely with the Internal Investigations Director.
• Partner and work closely with the Physical Security Senior Manager.
• Partner with the Site Leadership Team to plan and prepare for emergencies, including natural disasters, injury, workplace threat, etc.
• Effectively build relationships and communicate with key executive and employee stakeholders across the enterprise.
• Evaluate policy, standard, procedure, process document adherence.
• Analyze the root cause of compliance breaches.
• Assist in the management of incident response to mitigate risks.
• Collect and analyze data to create respective documentation and reports.
• Create and maintain dashboards to show a comprehensive overview of data from different sources, to include monitoring, measuring, and analyzing relevant data in key areas.
• Work closely with the Business Continuity Team to ensure business impact analysis compliance.
• Prepare materials for presentation to the General Counsel, Chief Financial Officer and Chief Executive Officer.

What you’ll need:

• 5 years of experience working in governance, risk management, or compliance.
• Ability to maintain discretion and confidentiality.
• Experience with the risk control self assessment process.
• Experience with the issue management process.
• Strong analytical skills for identifying, mitigating, and monitoring risks.
• Proven ability to solve complex and sensitive problems, and to work well under pressure.
• Strong written and verbal communication skills for collaborating with stakeholders.
• Technical curiosity and an interest in exploring data and understanding multiple systems.
• Experience with risk assessment frameworks (NIST, ISO 27001).
• Ability to work collaboratively with a strong attention to detail.
• Experience operating in a matrix environment.
• Ability to handle multiple and ever-changing priorities in a fast-paced environment.