1

It Governance Risk Compliance Manager Jobs (NOW HIRING)

Risk & Compliance Manager

Fleetwood, PA · On-site

$80K - $100K/yr

... Information Security. Primary Responsibilities: · The position serves as the compliance manager ... risk experience * Excellent analytical and research skills * Strong written and verbal ...

Posted today

Responsible for information risk management, collaborative design of information security controls ... Researching and recommending use of new technologies. * Project management including analysis of ...

IT Audit Project Manager

Washington, DC · On-site

$111K - $131K/yr

The role requires a proven leader with expertise in project management, IT governance, risk management, and cybersecurity compliance who can effectively collaborate with technical teams, stakeholders ...

New

Third-Party Risk Consultant

Boston, MA · On-site

$86K - $113K/yr

... Risk & Compliance Team is comprised of governance and risk professionals responsible for implementing governance processes and risk management practices for the ETX (Information Technology ...

New

IT Portfolio Manager

Stamford, CT · Remote

$80 - $90/hr

... e, risk, and compliance frameworks • Ability to operate at both strategic and operational levels • Experience supporting audits and regulatory environments (e.g., DORA, SOX) • Experience in ...

New

IT Governance Consultant

Washington, DC · On-site

$98K - $163K/yr

... integrated risk management, and continuous post-deployment monitoring to identify and address ... compliance issues. What You Will Need: * An ACTIVE and MAINTAINED TOP SECRET Federal or DoD ...

New

next page

Showing results 1-20

It Governance Risk Compliance Manager information

What is the difference between It Governance Risk Compliance Manager vs IT Security Analyst?

AspectIT Governance Risk Compliance ManagerIT Security Analyst
CertificationsISO 27001 Lead Implementer, CISA, CISSPCISSP, CompTIA Security+, CEH
Work EnvironmentPolicy development, compliance audits, risk assessmentsSecurity monitoring, incident response, vulnerability testing
Employer & Industry UsageFinancial, healthcare, government sectorsIT firms, cybersecurity companies, corporate IT departments

The IT Governance Risk Compliance Manager focuses on establishing and maintaining compliance frameworks, managing risks, and ensuring organizational policies align with regulations. In contrast, the IT Security Analyst primarily monitors security systems, investigates threats, and implements security measures. Both roles require certifications like CISSP but differ in their core responsibilities and daily tasks within the IT industry.

What are the key skills and qualifications needed to thrive as an IT Governance Risk Compliance (GRC) Manager, and why are they important?

To thrive as an IT Governance Risk Compliance Manager, you need a strong understanding of IT risk management, regulatory frameworks (such as SOX, GDPR, or ISO 27001), and a relevant degree, often backed by certifications like CISA, CISSP, or CRISC. Familiarity with GRC platforms (e.g., RSA Archer, ServiceNow GRC), audit management tools, and compliance tracking systems is typically required. Exceptional analytical thinking, communication, and stakeholder management skills enable you to translate technical risks into actionable business strategies. These competencies are critical to ensuring organizational compliance, minimizing risk exposure, and aligning IT practices with business objectives.

What does an IT Governance Risk Compliance (GRC) Manager do?

An IT Governance Risk Compliance (GRC) Manager is responsible for ensuring that an organization's information technology systems comply with regulatory requirements and internal policies. They develop and oversee frameworks for managing IT risks, monitor compliance with standards such as ISO 27001 or SOC 2, and coordinate audits and assessments. Their role also involves advising leadership on risk mitigation strategies, training staff on compliance issues, and continuously improving IT governance practices. By doing so, they help protect the organization from legal, financial, and reputational risks associated with non-compliance and cyber threats.

How does an IT Governance Risk Compliance (GRC) Manager typically collaborate with other departments to ensure organizational compliance?

An IT GRC Manager works closely with various departments such as IT, legal, HR, and internal audit to implement and monitor compliance policies and risk mitigation strategies. They often facilitate cross-functional meetings to align security practices with business objectives, provide guidance on regulatory requirements, and coordinate training initiatives. Effective communication and collaboration are key, as the GRC Manager must ensure that all departments understand their compliance responsibilities and are prepared for audits. This collaborative approach helps create a culture of accountability and continuous improvement across the organization.
More about It Governance Risk Compliance Manager jobs
What cities are hiring for It Governance Risk Compliance Manager jobs? Cities with the most It Governance Risk Compliance Manager job openings:
What are the most commonly searched types of It Governance Risk Compliance jobs? The most popular types of It Governance Risk Compliance jobs are:
What states have the most It Governance Risk Compliance Manager jobs? States with the most job openings for It Governance Risk Compliance Manager jobs include:
What job categories do people searching It Governance Risk Compliance Manager jobs look for? The top searched job categories for It Governance Risk Compliance Manager jobs are:

Security Engineer - Governance Risk Compliance

SpaceXAI

New York, NY • On-site

$100K - $258K/yr

Other

Medical, Dental, Vision, Life, Retirement

Re-posted 19 days ago


Job description

ABOUT THE ROLE:
We are seeking an experienced and strategic Governance, Risk, and Compliance (GRC) team member as we expand into government and public sector applications of AI. This critical role will ensure that SpaceXAI operates within regulatory, ethical, operational, and federal boundaries while fostering a culture of integrity and resilience. You will collaborate with cross-functional teams to safeguard our mission-driven work in AI development and deployment, including support for sensitive and classified environments.
RESPONSIBILITIES:
  • Execute security compliance implementation and audits (e.g., ISO 27001/42001, SOC2, FedRAMP HIGH, DoD Cloud Computing SRG IL5/IL6, NIST 800-53 rev 5, NIST 800-171/CMMC, Risk Management Framework).
  • Work with 3PAOs (Third-Party Assessment Organizations) and federal government Authorizing Officials (AOs) to achieve compliance certifications, reports, and Authorized to Operate (ATO) status.
  • Identify, assess, and prioritize risks related to AI operations, cybersecurity, regulatory compliance, intellectual property, and cloud deployments.
  • Design and implement risk mitigation strategies, including monitoring systems, contingency plans, vulnerability scans, Plan of Action and Milestones (POAMs), and STIGs.
  • Ensure the implementation, oversight, monitoring, and maintenance of security configurations, practices, and procedures throughout the project lifecycle.
  • Serve as a liaison between system owners, security personnel, and cross-functional teams to facilitate effective communication, collaboration, and control implementation.
  • Lead Risk Management Assessment and Authorization (A&A) processes, cloud system risk assessments, compliance reviews for new products/changes/features, and process enhancements.
  • Conduct regular risk assessments, scenario analyses, and proactive evaluations of emerging threats, certifications, requirements, and technologies in the AI landscape.
  • Oversee audits, certifications, third-party assessments, and vulnerability management to maintain compliance and operational credibility.
  • Act as a subject matter expert, providing guidance on risk, compliance, and cybersecurity matters; translate business and technical risks for leadership.
  • Create and present regular reports on GRC performance, risks, and compliance status to senior leadership and stakeholders.
BASIC QUALIFICATIONS:
  • Bachelor's degree in computer science, Information Security, Cybersecurity, or in an engineering/STEM field
  • 3+ years of experience in governance, risk management, compliance, or technology audit roles.
  • Experience with vulnerability management, POAMs, STIG implementation, and cloud security controls.
PREFERRED SKILLS AND EXPERIENCE:
  • 5+ years of security compliance or technology audit-related.
  • Previous systems engineering experience strongly preferred
  • Ability to evaluate control objectives with IT configurations
  • Experience in the tech or AI industry, particularly with startups, innovative organizations, or government/public sector engagements.
  • Proven expertise in regulatory frameworks, data privacy, cybersecurity, and federal compliance standards, preferably in a technology, cloud, or AI-driven environment.
  • Strong understanding of AI ethics, emerging technologies, Risk Management Framework (RMF), and their associated risks.
  • Exceptional analytical, problem-solving, organizational, and project management skills, with the ability to balance innovation, oversight, and taking projects from conception to launch.
  • Excellent communication, stakeholder management, and translation skills, with experience influencing cross-functional teams and communicating risks to leadership.
  • Ability to thrive in a fast-paced, dynamic environment and adapt to evolving priorities.
  • Certifications like CISA, CRISC, CGEIT, Security+, CASP+, or similar preferred.
  • Deep expertise maintaining frameworks such as FedRAMP, DoD Cloud Computing SRG, NIST 800-171, NIST 800-53, CMMC, and STIG/RMF policies (including validation via ACAS and similar tools).
  • Familiarity with ISO 27001, ISO 42001, NIST, SOC 2, or similar compliance frameworks.
  • Background in managing third-party risk, vendor compliance programs, or federal assessments.
  • Understanding of cybersecurity controls for cloud service providers.
  • Knowledge of government cloud services and evolving certification programs.
COMPENSATION AND BENEFITS:

$100,000 - $258,000 USD

Base salary is just one part of our total rewards package at SpaceXAI, which also includes equity, comprehensive medical, vision, and dental coverage, access to a 401(k) retirement plan, short & long-term disability insurance, life insurance, and various other discounts and perks.

ITAR REQUIREMENTS:
  • To conform to U.S. Government export regulations, applicant must be a (i) U.S. citizen or national, (ii) U.S. lawful, permanent resident (aka green card holder), (iii) Refugee under 8 U.S.C. 1157, or (iv) Asylee under 8 U.S.C. 1158, or be eligible to obtain the required authorizations from the U.S. Department of State. Learn more about the ITAR here.