1

It Governance Risk Compliance Manager Jobs (NOW HIRING)

The Compliance Assessor of IT Risk & Compliance Management performs Security Risk Assessments on ... Assisting in the upkeep of governance, risk and compliance (GRC) software applications Interacting ...

Ensures issues are evaluated and resolved, escalates risk and directs corrective actions in any ... the CTO and manages action items and issues logs that require attention. Takes on small work ...

Responsible for information risk management, collaborative design of information security controls ... Researching and recommending use of new technologies. * Project management including analysis of ...

Manager, IT Controls and Governance

Troy, MI · On-site

$90K - $110K/yr

The Manager of IT Controls advances Magna IT standards alignment across the Group by refining ... Use compliance and risk insights to guide governance priorities, standards clarification, and ...

IT Portfolio Manager

Stamford, CT · Remote

$80 - $90/hr

... e, risk, and compliance frameworks • Ability to operate at both strategic and operational levels • Experience supporting audits and regulatory environments (e.g., DORA, SOX) • Experience in ...

STAR Bonus % (At Risk Maximum) 5.00 - Salaried Non-Management except pharmacists Work Schedule ... Knowledge of Agile framework. * Participate in, adhere to, and support compliance program ...

IT Governance

Lansing, MI · Hybrid

$99K - $118K/yr

Ensures issues are evaluated and resolved, escalates risk and directs corrective actions in any ... the CTO and manages action items and issues logs that require attention. Takes on small work ...

next page

Showing results 1-20

It Governance Risk Compliance Manager information

What is the difference between It Governance Risk Compliance Manager vs IT Security Analyst?

AspectIT Governance Risk Compliance ManagerIT Security Analyst
CertificationsISO 27001 Lead Implementer, CISA, CISSPCISSP, CompTIA Security+, CEH
Work EnvironmentPolicy development, compliance audits, risk assessmentsSecurity monitoring, incident response, vulnerability testing
Employer & Industry UsageFinancial, healthcare, government sectorsIT firms, cybersecurity companies, corporate IT departments

The IT Governance Risk Compliance Manager focuses on establishing and maintaining compliance frameworks, managing risks, and ensuring organizational policies align with regulations. In contrast, the IT Security Analyst primarily monitors security systems, investigates threats, and implements security measures. Both roles require certifications like CISSP but differ in their core responsibilities and daily tasks within the IT industry.

What are the key skills and qualifications needed to thrive as an IT Governance Risk Compliance (GRC) Manager, and why are they important?

To thrive as an IT Governance Risk Compliance Manager, you need a strong understanding of IT risk management, regulatory frameworks (such as SOX, GDPR, or ISO 27001), and a relevant degree, often backed by certifications like CISA, CISSP, or CRISC. Familiarity with GRC platforms (e.g., RSA Archer, ServiceNow GRC), audit management tools, and compliance tracking systems is typically required. Exceptional analytical thinking, communication, and stakeholder management skills enable you to translate technical risks into actionable business strategies. These competencies are critical to ensuring organizational compliance, minimizing risk exposure, and aligning IT practices with business objectives.

What does an IT Governance Risk Compliance (GRC) Manager do?

An IT Governance Risk Compliance (GRC) Manager is responsible for ensuring that an organization's information technology systems comply with regulatory requirements and internal policies. They develop and oversee frameworks for managing IT risks, monitor compliance with standards such as ISO 27001 or SOC 2, and coordinate audits and assessments. Their role also involves advising leadership on risk mitigation strategies, training staff on compliance issues, and continuously improving IT governance practices. By doing so, they help protect the organization from legal, financial, and reputational risks associated with non-compliance and cyber threats.

How does an IT Governance Risk Compliance (GRC) Manager typically collaborate with other departments to ensure organizational compliance?

An IT GRC Manager works closely with various departments such as IT, legal, HR, and internal audit to implement and monitor compliance policies and risk mitigation strategies. They often facilitate cross-functional meetings to align security practices with business objectives, provide guidance on regulatory requirements, and coordinate training initiatives. Effective communication and collaboration are key, as the GRC Manager must ensure that all departments understand their compliance responsibilities and are prepared for audits. This collaborative approach helps create a culture of accountability and continuous improvement across the organization.
More about It Governance Risk Compliance Manager jobs
What cities are hiring for It Governance Risk Compliance Manager jobs? Cities with the most It Governance Risk Compliance Manager job openings:
What are the most commonly searched types of It Governance Risk Compliance jobs? The most popular types of It Governance Risk Compliance jobs are:
What states have the most It Governance Risk Compliance Manager jobs? States with the most job openings for It Governance Risk Compliance Manager jobs include:
What job categories do people searching It Governance Risk Compliance Manager jobs look for? The top searched job categories for It Governance Risk Compliance Manager jobs are:
Risk Analyst

Other

Posted 6 days ago


Job description

Company Description

DIRECTV is one of the world's leading providers of digital television entertainment services delivering a premium video experience through state-of-the-art technology, unmatched programming, and industry leading customer service to more than 32 million customers in the U.S. and Latin America.

Job Description

The Compliance Assessor of IT Risk & Compliance Management performs Security Risk Assessments on DIRECTV's 3rd party vendors. 

An assesment would typically involve the following tasks:

Communicating and interviewing vendors and internal business groups

Obtaining and reviewing supporting documentation

Performing on-site assessments (where necessary)

Documenting vendor's data security controls

Summarizing the adequacy of security controls

Outlining gaps & remediation steps

Providing recommendations

Capturing assessment results in centralized repository 


Other responsibilities include:


Assisting in the upkeep of governance, risk and compliance (GRC) software applications

Interacting with team members and department/division personnel on other GRC related tasks

Documenting data and process flows (e.g. data flow diagrams / swim-lane diagrams)

Cataloging, tracking and reporting the status of other risk assessments and resolution actions

Managing several GRC related tasks simultaneously without a great deal of direction or oversight

Evaluating internal compliance to regulations such PCI

Proposing practical risk mitigations based on cost, benefit and risk


Qualifications

Should have minimum 1-2 years of experience working with IT compliance and/or security audits  

Should have experience with Governance, Risk & Compliance Programs

Should have understanding of Payment Card Industry Data Security Standard (PCI DSS) and other compliance frameworks (e.g.: ISO 27001)

Should have experience related to vendor management audits and/or SAS70/SSAE16 type audits

Should be able to effectively communicate complex topics with both technical and non-technical personnel

Should have experience in reviewing Polices & Procedures and security controls

Big 4 consulting experience is considered an advantage


Additional Information
Certifications (preferred, but not required):

PCI Qualified Security Assessor (QSA) or Internal Security Assessor (ISA)
Certified Information Systems Security Professionals (CISSP)
Certified Information Security Manager (CISM)
Certified Information Systems Auditor (CISA)


This opportunity is a Long Term Contract