1

Governance Risk Compliance Manager Jobs in Indiana

PCI Compliance Lead

Lafayette, IN · On-site

$98K - $199K/yr

... risk mitigation initiatives, and align compliance efforts with broader information security ... Key Accountabilities Program Governance * Develop, manage, and maintain Old National Bank's PCI ...

... compliance, operational risk, privacy, and broader TPRM practices. The position will work within a ... Supporting TPRM program enhancement initiatives, including governance, policy, process, workflow ...

Cybersecurity Risk Analyst

Evansville, IN · On-site

$36.93 - $55.40/hr

Four or more years of experience in cybersecurity, governance, risk and compliance (GRC), or a ... Ability to manage multiple priorities and work effectively across departments Preferred:

Conducting Fair Lending and FCRA Risk Assessments and adjusting related compliance monitoring based ... Skilled in risk assessment, root-cause analysis, and program governance. * Mortgage Underwriting ...

next page

Showing results 1-20

Governance Risk Compliance Manager information

See Indiana salary details

$36.6K

$90.5K

$149.4K

How much do governance risk compliance manager jobs pay per year?

As of Jul 17, 2026, the average yearly pay for governance risk compliance manager in Indiana is $90,496.00, according to ZipRecruiter salary data. Most workers in this role earn between $66,600.00 and $110,900.00 per year, depending on experience, location, and employer.

How does a Governance Risk Compliance (GRC) Manager typically collaborate with other departments to ensure effective risk management?

A GRC Manager works closely with various departments such as IT, legal, finance, and operations to identify, assess, and mitigate risks across the organization. This often involves facilitating cross-departmental meetings, guiding teams through compliance requirements, and ensuring that controls are implemented effectively. Strong communication and project management skills are essential, as GRC Managers must translate complex regulatory requirements into actionable steps for different teams. This collaborative approach helps ensure that risk management strategies are integrated into daily business processes and that compliance goals are met organization-wide.

What is the salary of governance risk compliance?

The salary for a Governance, Risk, and Compliance (GRC) Manager typically ranges from $80,000 to $150,000 annually, depending on experience, location, and industry. Professionals with certifications like CRISC or CISA and strong knowledge of regulatory frameworks may earn higher salaries.

Is governance risk and compliance a good career?

Governance, Risk, and Compliance (GRC) management is a growing field that involves developing policies, managing regulatory requirements, and ensuring organizational integrity. It often requires certifications like CISA or CRISC and skills in risk assessment, policy development, and compliance frameworks. The role offers stability and opportunities across various industries, making it a viable career choice for those interested in organizational governance and risk management.

What does a governance and risk manager do?

A governance and risk manager oversees an organization’s compliance with laws, regulations, and internal policies, identifying and mitigating potential risks. They develop frameworks, conduct audits, and implement controls to ensure operational integrity and reduce vulnerabilities, often using tools like risk assessment software and requiring certifications such as CRISC or ISO standards.

What is the difference between Governance Risk Compliance Manager vs Compliance Analyst?

AspectGovernance Risk Compliance ManagerCompliance Analyst
CertificationsISO 31000, CRISC, CISACCA, CCEP, or similar
Work EnvironmentStrategic, managerial, policy-focusedOperational, detail-oriented, audit-focused
Employer & Industry UsageFinancial, healthcare, corporate sectorsRegulatory agencies, corporations, consulting firms
Search & Comparison IntentUnderstanding managerial roles in governance and riskDetailing compliance procedures and analysis

The Governance Risk Compliance Manager oversees organizational policies, risk management strategies, and compliance frameworks at a strategic level. In contrast, the Compliance Analyst focuses on implementing and monitoring compliance procedures, conducting audits, and ensuring adherence to regulations. Both roles require relevant certifications and are vital in maintaining organizational integrity, but they differ in scope and responsibilities.

What does a Governance Risk Compliance (GRC) Manager do?

A Governance Risk Compliance (GRC) Manager is responsible for developing, implementing, and overseeing policies and procedures to ensure that an organization complies with regulatory requirements and manages risks effectively. They work closely with various departments to identify potential risks, ensure proper governance frameworks are in place, and monitor compliance with relevant laws and standards. GRC Managers play a key role in maintaining ethical practices, preventing legal issues, and helping organizations achieve their business objectives securely and efficiently.

What are the key skills and qualifications needed to thrive as a Governance Risk Compliance Manager, and why are they important?

To thrive as a Governance Risk Compliance Manager, you need expertise in risk assessment, regulatory frameworks, and compliance management, typically supported by a degree in business, law, or a related field. Familiarity with GRC platforms (like RSA Archer or MetricStream), internal audit tools, and relevant certifications such as CISA, CISM, or CRISC is common. Strong analytical thinking, attention to detail, and effective communication help manage complex regulations and drive organizational compliance culture. These skills ensure the organization can proactively identify risks, comply with legal requirements, and maintain operational integrity.

Is GRC an entry level job?

Governance, Risk, and Compliance (GRC) roles are typically not entry-level positions; they usually require several years of experience in compliance, risk management, or related fields. Entry-level roles in GRC may focus on supporting functions, while managerial positions often demand a strong understanding of regulations, policies, and relevant tools like GRC software. Certifications such as CISA or CRISC can also be beneficial for advancement.
What are the most commonly searched types of Governance Risk Compliance jobs in Indiana? The most popular types of Governance Risk Compliance jobs in Indiana are:
What are popular job titles related to Governance Risk Compliance Manager jobs in Indiana? For Governance Risk Compliance Manager jobs in Indiana, the most frequently searched job titles are:
What cities in Indiana are hiring for Governance Risk Compliance Manager jobs? Cities in Indiana with the most Governance Risk Compliance Manager job openings:
Infographic showing various Governance Risk Compliance Manager job openings in Indiana as of July 2026, with employment types broken down into 100% Full Time. Highlights an 88% In-person, 6% Hybrid, and 6% Remote job distribution, with an average salary of $90,496 per year, or $43.5 per hour.
Sr. Director, GRC, IT Controls & Cyber Culture, Orthopedics

Sr. Director, GRC, IT Controls & Cyber Culture, Orthopedics

Johnson & Johnson

Warsaw, IN • On-site

$107K - $144K/yr

Full-time

Retirement, PTO

Posted 3 days ago

New


Johnson & Johnson rating

8.2

Company rating: 8.2 out of 10

Based on 110 frontline employees who took The Breakroom Quiz

29th of 74 rated pharmaceutical


Job description

At Johnson & Johnson,we believe health is everything. Our strength in healthcare innovation empowers us to build aworld where complex diseases are prevented, treated, and cured,where treatments are smarter and less invasive, andsolutions are personal.Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity.Learn more at jnj.com

As guided by Our Credo, Johnson & Johnson is responsible to our employees who work with us throughout the world. We provide an inclusive work environment where each person is considered as an individual. At Johnson & Johnson, we respect the diversity and dignity of our employees and recognize their merit.

Job Function:

Technology Enterprise Strategy & Security

Job Sub Function:

Security & Controls

Job Category:

People Leader

All Job Posting Locations:

Palm Beach Gardens, Florida, United States of America, Raritan, New Jersey, United States of America, Raynham, Massachusetts, United States of America, Warsaw, Indiana, United States of America, West Chester, Pennsylvania, United States of America

Job Description:

DePuy Synthes is recruiting for a(n) Sr. Director, GRC, IT Controls andCyberCulture.

Johnson & Johnson announced plans to separate our Orthopedics business toestablisha standalone orthopedics company, operatingasDePuy Synthes. The process of the planned separation isanticipatedto be completed within 18 to24 months, subject to legal requirements, including consultation with works councils and other employee representative bodies, as may berequired, regulatory approvals and other customary conditions and approvals. Should you accept this position, it isanticipatedthat, following conclusion of the transaction, you would be an employee of DePuySynthesand your employment would be governed by DePuy Synthes employment processes, programs, policies, and benefit plans. In that case, details of any planned changes would be provided to you by DePuy Synthes atan appropriate timeand subject to any necessary consultation processes.

Job Overview

This role serves as a senior cybersecurity leader reporting to the CISO, with enterprise accountability for building, maturing, and operationalizing the Governance, Risk & Compliance (GRC) function across DePuy Synthes. The Sr. Director will oversee the BISO manager organization,establishscalable risk governance practices, strengthen security awareness andbehavior basedculture programs, and drive implementation of IT controls and an enterprise assurance framework. The role will also oversee external cybersecurity assessments and disclosures, including cyber insurance, ESG-related cybersecurity inputs, and other third-party assurance activities. This highly visible leadership role will help ensure cybersecurity risk, compliance, control effectiveness, and cultural adoption are consistently managed across the enterprise in support of business priorities, regulatory expectations, and organizational resilience.

Key Responsibilities

  • Build and mature the enterprise GRC function, including governance forums, risk management processes, compliance oversight, control monitoring, issue management, and executive reporting.

  • Provide leadership and oversight for the BISO manager organization, ensuring consistent engagement with business leaders, effective cyber risk advisory support, and alignment of security priorities to businessobjectives.

  • Lead enterprise cyber risk management activities, including risk identification, assessment, mitigation planning, escalation, and reporting to senior leadership and governance bodies.

  • Own the enterprise cybersecurity policy and standards lifecycle - from creation and implementation to continuous review - ensuring clarity, compliance, and alignment with organizational goals.

  • Oversee SOX cybersecurity and IT control activities, including implementation, operating effectiveness,evidencereadiness, remediation tracking, and partnership with Finance, Internal Audit, External Audit, and IT control owners.

  • Establish and operationalize an enterprise IT controls and assurance framework that enables consistent control design, testing, monitoring, reporting, and continuous improvement across the organization.

  • Lead oversight of external cybersecurity assessments and assurance requests, including cyber insurance questionnaires, ESG-related cybersecurity inputs, customer or partner assessments, and other third-party reviews requiring enterprise cyber risk and control representation.

  • Drive cybersecurity compliance with applicable global regulations, standards, and frameworks, ensuring the organization candemonstratecontrol effectiveness and audit readiness.

  • Lead security awareness, behavior, and culture initiatives that improve workforce accountability, reducehumancentricrisk, and embed secure practices intodaytodaybusiness operations.

  • Lead and develophighperformingcybersecurity leaders and teams, fostering a culture of accountability, collaboration, disciplined execution, and continuous improvement.

  • Provideexecutivelevelreporting on cybersecurity risk, compliance status, control effectiveness, assurance outcomes, and program maturity to senior leadership and governance bodies.

Qualifications

Education

  • Required:Bachelor's degree in Information Security, Computer Science, Engineering, ora relatedfield.

  • Preferred: Master's degree (MS, MBA, or equivalent) in Cybersecurity, Information Systems, or Business.

Experience and Skills

Required:

  • 12-14 years of progressive experience in cybersecurity, information security, technology risk management, IT controls, or GRC, including senior leadership roles.

  • Demonstrated experience building or maturing enterprise GRC programs in a regulated, global, or complex operating environment.

  • Experience leading BISO, cyber risk advisory, security governance, or business aligned cybersecurity teams.

  • Deep knowledge of cybersecurity risk management, compliance frameworks, IT controls, SOX control expectations, assurance practices, and audit readiness.

  • Experience overseeing external cybersecurity assessments, including cyber insurance, ESG-related cybersecurity reporting, customer or partner assessments, and third-party assurance requests.

  • Experience building, mentoring, and leading senior level cybersecurity teams.

  • Strong strategic, analytical, and communication skills, with the ability to translate technical risk, control gaps, and compliance obligations into business impact.

Preferred:

  • Experience implementing or transforming enterprise IT controls, SOX programs, control testing, remediation governance, and assurance frameworks.

  • Experience driving cybersecurity awareness, behavior change, and culture programs across a large enterprise.

  • Experienceoperatingin complex, global organizations undergoing transformation or separation.

  • Demonstrated success improvingcybersecuritymaturity, control effectiveness, and risk accountability at scale.

  • Proven ability to influence executive stakeholders andpartnereffectively across IT, Finance, Internal Audit, External Audit, Legal, Risk, Compliance, and business leadership functions.

Other:

  • Language: English (fluent)

  • Travel: Up to 20%, domestic and international

  • Certifications (preferred): CISSP, CISM, CRISC, or equivalent

For more information on how we support the whole health of our employees throughout their wellness,careerand life journey, please visitwww.careers.jnj.com.

Johnson & Johnson is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, protected veteran status or other characteristics protected by federal, state or local law. We actively seek qualified candidates who are protected veterans and individuals with disabilities as defined under VEVRAA and Section 503 of the Rehabilitation Act.

Johnson and Johnson is committed to providing an interview process that is inclusive of our applicants' needs. If you are an individual with a disability and would like to request an accommodation, please email the Employee Health Support Center (ra-employeehealthsup@its.jnj.com) or contact AskGS to be directed to your accommodation resource.

#DePuySynthesCareers

Required Skills:

Preferred Skills:

Business Process Design, Crisis Management, Critical Thinking, Cybersecurity, Developing Others, Inclusive Leadership, Industry Analysis, Information Security Auditing, Information Security Management System (ISMS), Information Technology (IT) Security Assessments, Information Technology Strategies, Leadership, Presentation Design, Process Optimization, Risk Management Framework, Security Architecture Design, Security Policies, Strategic Thinking

The anticipated base pay range for this position is :

$178,000.00 - $307,050.00

Additional Description for Pay Transparency:

Subject to the terms of their respective plans, employees are eligible to participate in the Company's consolidated retirement plan (pension) and savings plan (401(k)).
This position is eligible to participate in the Company's long-term incentive program.
Subject to the terms of their respective policies and date of hire, employees are eligible for the following time off benefits:
Vacation -120 hours per calendar year
Sick time - 40 hours per calendar year; for employees who reside in the State of Colorado -48 hours per calendar year; for employees who reside in the State of Washington -56 hours per calendar year
Holiday pay, including Floating Holidays -13 days per calendar year
Work, Personal and Family Time - up to 40 hours per calendar year
Parental Leave - 480 hours within one year of the birth/adoption/foster care of a child
Bereavement Leave - 240 hours for an immediate family member: 40 hours for an extended family member per calendar year
Caregiver Leave - 80 hours in a 52-week rolling period10 days
Volunteer Leave - 32 hours per calendar year
Military Spouse Time-Off - 80 hours per calendar year
For additional general information on Company benefits, please go to: - https://www.careers.jnj.com/employee-benefits

What Johnson & Johnson employees say

Pay

Benefits

Hours and flexibility

Workplace

Get the full story on Breakroom