The Role We Want You For Under the direction of and in collaboration with the GRC Manager, the Sr. GRC Analyst, Risk Management is the primary owner and operational steward of the Enterprise Risk ...
The Role We Want You For Under the direction of and in collaboration with the GRC Manager, the Sr. GRC Analyst, Risk Management is the primary owner and operational steward of the Enterprise Risk ...
Position Overview The Manager, Governance, Risk & Compliance (GRC) leads Riverside Research's Governance, Risk, and Compliance program supporting the organization's unclassified enterprise and ...
Position Overview The Manager, Governance, Risk & Compliance (GRC) leads Riverside Research's Governance, Risk, and Compliance program supporting the organization's unclassified enterprise and ...
Governance Risk Compliance (GRC) Manager
Vienna, VA · On-site
$140K - $170K/yr
You will own the GRC calendar, the Vanta instance, the policy library, the audit evidence, and the ... You will not own security architecture or vulnerability management - but you will need strong ...
Governance Risk Compliance (GRC) Manager
Vienna, VA · On-site
$140K - $170K/yr
You will own the GRC calendar, the Vanta instance, the policy library, the audit evidence, and the ... You will not own security architecture or vulnerability management - but you will need strong ...
GRC Manager - Associate
Charlotte, NC · On-site
The ARM Manager will be a hands-on manager who can independently and successfully execute the ARM process in the coordination & facilitation of audit request and issue management. The ARM Manager ...
GRC Manager - Associate
Charlotte, NC · On-site
The ARM Manager will be a hands-on manager who can independently and successfully execute the ARM process in the coordination & facilitation of audit request and issue management. The ARM Manager ...
The ARM Manager will be a hands-on manager who can independently and successfully execute the ARM process in the coordination & facilitation of audit request and issue management. The ARM Manager ...
The ARM Manager will be a hands-on manager who can independently and successfully execute the ARM process in the coordination & facilitation of audit request and issue management. The ARM Manager ...
Senior GRC Engineer
Dallas, TX · On-site +1
$103K - $142K/yr
You will report to the Sr. GRC Manager and work at the intersection of security engineering, AI governance, and healthcare compliance across our benefits platform. Please know that this is not a ...
Senior GRC Engineer
Dallas, TX · On-site +1
$103K - $142K/yr
You will report to the Sr. GRC Manager and work at the intersection of security engineering, AI governance, and healthcare compliance across our benefits platform. Please know that this is not a ...
Security Governance, Risk & Compliance (GRC) Manager Reporting to the Director of Information Security, the GRC Manager will play a critical role in advancing the firm's security, compliance, and ...
Security Governance, Risk & Compliance (GRC) Manager Reporting to the Director of Information Security, the GRC Manager will play a critical role in advancing the firm's security, compliance, and ...
Senior GRC Engineer
Dallas, TX · Hybrid
$103K - $142K/yr
You will report to the Sr. GRC Manager and work at the intersection of security engineering, AI governance, and healthcare compliance across our benefits platform. Please know that this is not a ...
Quick apply
Senior GRC Engineer
Dallas, TX · Hybrid
$103K - $142K/yr
You will report to the Sr. GRC Manager and work at the intersection of security engineering, AI governance, and healthcare compliance across our benefits platform. Please know that this is not a ...
Oracle Apps DBA and EBS
Orange, CA · On-site
$54.25 - $73.75/hr
Skills should include Oracle eBS 12i, Oracle database 10g/11i, GRC Controls, GRC Manager, Hyperion and OBIEE is a plus. Day to day duties will include the systems analysis, documentation ...
Oracle Apps DBA and EBS
Orange, CA · On-site
$54.25 - $73.75/hr
Skills should include Oracle eBS 12i, Oracle database 10g/11i, GRC Controls, GRC Manager, Hyperion and OBIEE is a plus. Day to day duties will include the systems analysis, documentation ...
Senior Security GRC Analyst
San Mateo, CA · On-site
$224K - $271K/yr
We are using engineering to drive automation across risk management, policy lifecycle management, supply chain risk, AI risk, and controls programs. You will have the opportunity to shape how GRC ...
New
Senior Security GRC Analyst
San Mateo, CA · On-site
$224K - $271K/yr
We are using engineering to drive automation across risk management, policy lifecycle management, supply chain risk, AI risk, and controls programs. You will have the opportunity to shape how GRC ...
New
Experience with GRC platforms for control tracking, evidence management, and audit workflow automation. * Knowledge of Northwood's core infrastructure environment, including AWS GovCloud, Microsoft ...
Experience with GRC platforms for control tracking, evidence management, and audit workflow automation. * Knowledge of Northwood's core infrastructure environment, including AWS GovCloud, Microsoft ...
GRC Analyst
Boston, MA · On-site
Title: GRC Analyst Location: Boston, MA (Onsite once in a month) Duration: 12 Months (Possible ... Third-Party & Vendor Risk Management (TPRM): Lead security reviews on third-party vendors, partners ...
New
GRC Analyst
Boston, MA · On-site
Title: GRC Analyst Location: Boston, MA (Onsite once in a month) Duration: 12 Months (Possible ... Third-Party & Vendor Risk Management (TPRM): Lead security reviews on third-party vendors, partners ...
New
Bret was also one of Google's earliest product managers and co-creator of Google Maps. Before ... GRC team. This is a role for someone with 10+ years experience and has done this work in depth ...
Bret was also one of Google's earliest product managers and co-creator of Google Maps. Before ... GRC team. This is a role for someone with 10+ years experience and has done this work in depth ...
Support the development, implementation, and enhancement of the Information Security Management System (ISMS) in line with ISO 27001:2022 . Assist in maintaining GRC policies, procedures, and ...
Support the development, implementation, and enhancement of the Information Security Management System (ISMS) in line with ISO 27001:2022 . Assist in maintaining GRC policies, procedures, and ...
This role spans at least three pillars of our GRC program: Client Security Assessment Management, ISO 27001/27701 Program Management, and Internal GRC Program and Audit Management. As a senior ...
This role spans at least three pillars of our GRC program: Client Security Assessment Management, ISO 27001/27701 Program Management, and Internal GRC Program and Audit Management. As a senior ...
This role spans at least three pillars of our GRC program: Client Security Assessment Management, ISO 27001/27701 Program Management, and Internal GRC Program and Audit Management. As a senior ...
This role spans at least three pillars of our GRC program: Client Security Assessment Management, ISO 27001/27701 Program Management, and Internal GRC Program and Audit Management. As a senior ...
This role spans at least three pillars of our GRC program: Client Security Assessment Management, ISO 27001/27701 Program Management, and Internal GRC Program and Audit Management. As a senior ...
This role spans at least three pillars of our GRC program: Client Security Assessment Management, ISO 27001/27701 Program Management, and Internal GRC Program and Audit Management. As a senior ...
SAP Security & GRC
Charlotte, NC · On-site
Deliver services that meet Project specifications - SAP GRC Access Control Modules (Emergency Access Management, Access Risk Analysis & Access Request Management & Business Role Management)
SAP Security & GRC
Charlotte, NC · On-site
Deliver services that meet Project specifications - SAP GRC Access Control Modules (Emergency Access Management, Access Risk Analysis & Access Request Management & Business Role Management)
OverviewThe Manager III, SAP Security & GRC is responsible for leading SAP Security, Identity & Access Management (IAM), and Governance, Risk & Compliance (GRC) operations in support of the Retail ...
OverviewThe Manager III, SAP Security & GRC is responsible for leading SAP Security, Identity & Access Management (IAM), and Governance, Risk & Compliance (GRC) operations in support of the Retail ...
They are seeking a seasoned Customer Trust Enablement professional to manage security and ... GRC roadmaps. • Define metrics, SLAs, and escalation frameworks for the function, and report on ...
They are seeking a seasoned Customer Trust Enablement professional to manage security and ... GRC roadmaps. • Define metrics, SLAs, and escalation frameworks for the function, and report on ...
Grc Manager information
What does a typical day look like for a GRC Manager?
A typical day for a GRC Manager involves coordinating risk assessments, reviewing regulatory compliance requirements, and working closely with departments such as IT, Legal, and Internal Audit to implement controls and mitigate risks. This role often includes developing or updating policies, conducting training sessions, and preparing reports for senior leadership or regulatory bodies. GRC Managers also keep an eye on emerging risks and compliance trends, ensuring that the organization proactively adapts its governance and risk strategies. Collaboration and regular communication with diverse teams make the work dynamic and engaging, as no two days are exactly the same.
What are the key skills and qualifications needed to thrive in the Grc Manager position, and why are they important?
To thrive as a GRC Manager, you need a deep understanding of governance, risk management, and compliance frameworks, often supported by a bachelor's degree in business, information security, or a related field. Experience with GRC platforms (such as RSA Archer, MetricStream, or ServiceNow), risk assessment tools, and certifications like CISA, CRISC, or CISSP are highly valued. Leadership, strong analytical skills, and effective communication are vital soft skills for influencing stakeholders and managing cross-functional teams. These abilities are essential to ensure regulatory adherence, mitigate organizational risks, and drive a culture of compliance throughout the company.
What is a GRC Manager job?
A GRC (Governance, Risk, and Compliance) Manager is responsible for developing and overseeing an organization's risk management, regulatory compliance, and corporate governance programs. They ensure that internal policies and external regulations are followed to mitigate risks and maintain legal and ethical standards. Their role includes implementing frameworks, conducting risk assessments, and collaborating with different departments to align business objectives with compliance requirements. GRC Managers also provide training and guidance to employees on regulatory changes and best practices.

Full-time
Medical, Dental, Vision, Life, Retirement, PTO
Re-posted 7 hours ago
Job description
About Us
Clayco is a full-service, turnkey real estate development, master planning, architecture, engineering, and construction firm that safely delivers clients across North America the highest quality solutions on time, on budget, and above and beyond expectations. With $8.1 billion in revenue for 2025, Clayco specializes in the "art and science of building," providing fast track, efficient solutions for mission critical, industrial, life sciences, power & energy, aviation, commercial, institutional, residential and sports & entertainment related building projects.
The Role We Want You For
Under the direction of and in collaboration with the GRC Manager, the Sr. GRC Analyst, Risk Management is the primary owner and operational steward of the Enterprise Risk Register. This role is responsible for ensuring all identified risk is accurately captured, properly rated, assigned to an accountable owner, actively worked, and driven to resolution across the Clayco organization. The analyst functions as the operational hub of the risk lifecycle — from initial intake and classification through remediation coordination, escalation, stakeholder accountability, and reporting. This is a high-accountability, process-driven role that demands both technical depth and organizational influence. The analyst transforms the risk register from a static document into a dynamic governance instrument — one that delivers a clear, current, and quantified view of organizational risk exposure to leadership. Additional responsibilities will be assigned as deemed necessary. Any travel is usually planned in advance, but issues may arise which warrant immediate travel to one or more satellite locations.
The Specifics of the Role
- Assumes the ownership and maintenance of the Enterprise Risk Register as the authoritative system of record for all identified risks across the Clayco organization.
- Enforces rigorous data integrity standards: no missing owners, undefined due dates, stale entries, or incomplete risk descriptions.
- Establishes and maintains a consistent process for risk creation, categorization, severity rating, and treatment classification to ensure comparability and defensibility of the data set.
- Applies qualitative risk analysis methodologies, including likelihood/impact matrices to produce accurate, prioritized risk ratings.
- Conducts regular audits of the risk register to surface stale, incomplete, or improperly rated entries and drive timely corrections with risk owners.
- Maintains comprehensive documentation for each risk, including: risk description, affected assets and systems, threat source, inherent risk rating, current controls, residual risk, treatment decision, assigned owner, and target remediation date.
- Manages the full risk lifecycle from intake through closure, including periodic re-evaluation of accepted risks to confirm continued acceptability.
- Serve as the primary coordinator and driver of risk remediation and mitigation activities, ensuring every open risk has an actionable, time-bound treatment plan with a clearly accountable owner.
- Collaborates with risk owners and technical teams to develop realistic remediation plans that define specific tasks, milestones, resource requirements, and completion criteria.
- Coordinates corrective and preventive actions (CAPA) arising from audit findings, control failures, and policy exceptions, tracking each to verified closure.
- Tracks and monitors remediation progress across all open items; proactively identify blockers, resource gaps, and at-risk milestones before they result in missed deadlines.
- Escalates risks with insufficient remediation progress, missed SLAs, or unacceptable residual risk levels to the GRC Manager and relevant leadership with supporting data and recommended courses of action.
- Assumes operational ownership of Vulnerability Management and External Attack Surface Management (EASM) processes:
- In collaboration with SOC, ensures that Vulnerability Scanning output ingested into Workflow platform has high fidelity with accurate association with CI's
- In collaboration with SOC, ensures that EASM output ingested into Workflow Platform has high fidelity with accurate association with CI's
- Ensures effective tuning and appropriate scoring of Risk Rating algorithm
- Ensures effective execution of assignment Rules and track remediation activity
- Remediates Unknown/Unclassed CI's from scanning output and tune assignment Rules
- Ensures timely and accurate reporting of active Risk and Vulnerability by severity as well as performance against Remediation targets process.
- Collaborates cross-functionally with other Information Technology teams and Business Stakeholders across the Organization
- Engages as necessary in all GRC functions to maintain an understanding of process and procedures
- Provides leadership with comprehensive reports of compliance-focused activities and outcomes, as requested.
Requirements
- 5-7+ years' experience in Risk & Compliance Assessment, Audit & Reporting, or similar functions, preferably within the Information Security or Technology fields
- 3-4+ years working specifically in Information Security roles involving Risk Analysis, Information System Security Assessment, Compliance Audit with Regulations, Frameworks, & Standards
- Bachelor's degree in Information Technology or related field, or equivalent experience
- Required Certifications: Certified in Risk & Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), or Certified Information Systems Security Professional (CISSP) (Current status, or obtained within 9 months of assuming role)
- Strong experience leveraging auditing principles and methods to evaluate policies, processes, systems, and vendors to identify business risks and control gaps
- Experience in administering Risk management programs for technology and information security
- Strong, technical knowledge of modern Systems, Services, Cloud Applications/Platforms, Identity Services, and Data Storage/Handling and their areas of Risk and Threat exposure
- Experience with administering, maintaining, and leveraging a Risk Register to track and communicate identified Risk and its required remediation
- Knowledge of statistics, reporting and analytical tools to analyze and solve complex problems
- Proficiency in necessary productivity tools (i.e. Microsoft Excel, PowerPoint, Word etc.) for analytics and presentations
- Operate with strong integrity with ability to handle projects of a sensitive & confidential nature
- Excellent written and verbal communication skills with a proven ability to translate technical or abstract concepts into a narrative that is easily understood by clients.
- Ability to thrive in fast-paced environment.
Some Things You Should Know.
- No other builder can offer the collaborative design-build approach that Clayco does.
- We work on creative, complex, award-winning, high-profile jobs.
- The pace is fast!
- This position is classified as a safety-sensitive role in accordance with applicable state and federal laws. Candidates selected for this position will be subject to a comprehensive background check, which includes mandatory drug testing.
Why Clayco?
- 2025 Best Places to Work – St. Louis Business Journal, Los Angeles Business Journal, and Phoenix Business Journal.
- 2025 ENR Top 400 – Top Data Center Contractor (Top 3).
- 2025 ENR Top 100 Design-Build Firms – Design-Build Contractor (Top 5).
- 2025 ENR Top 100 Green Contractors – Green Contractor (Top 3).
Benefits
- Discretionary Annual Bonus: Subject to company and individual performance.
- Comprehensive Benefits Package Including: Medical, dental and vision plans, 401k, generous PTO and paid company holidays, employee assistance program, flexible spending accounts, life insurance, disability coverage, learning & development programs and more!
Compensation
- The salary range for this position considers a wide range of factors in making compensation decisions including but not limited to: Education, qualifications, skills, training, experience, certifications, internal equity, and location. Compensation decisions are dependent on the facts and circumstances of each case.
About Clayco
Sourced by ZipRecruiter
Industry
Construction
Company size
1,001 - 5,000 Employees
Headquarters location
Chicago, IL, US
Year founded
1984