Governance, Risk & Compliance (GRC) Experts

Develop and maintain enterprise-wide policies, standards, and procedures to ensure alignment with regulatory and business requirements. Establish GRC frameworks and methodologies for consistent risk and compliance management across departments. Provide strategic guidance to senior leadership on GRC best practices and emerging regulatory requirements.

Lead enterprise risk assessments, including identification, analysis, mitigation, and monitoring of operational, IT, cybersecurity, and third-party risks. Manage the corporate risk register and provide periodic risk reports to executive leadership and board-level committees. Promote a risk-aware culture by integrating risk management into business processes.

Compliance :

Monitor, interpret, and ensure compliance with relevant laws, regulations, standards, and contractual obligations (e.g., ISO 27001, NIST, GDPR, SOX, HIPAA, PCI-DSS). Oversee audit and regulatory readiness activities; manage relationships with external auditors and regulatory bodies. Conduct compliance training and awareness programs across the organization.

GRC Tools & Reporting :

Administer and optimize the use of GRC platforms (e.g., Archer, ServiceNow, MetricStream, LogicGate). Develop dashboards, KPIs, and reports to communicate risk posture, policy adherence, and compliance status to stakeholders.

Third-Party & Vendor Risk :

Establish and manage a third-party risk management program including vendor assessments, due diligence, and contract reviews. Collaborate with procurement and legal teams to embed risk requirements in vendor selection and management processes.

Qualifications :

Bachelor's or Master's degree in Business, Risk Management, Information Security, Compliance, or related field. 5-10+ years of experience in GRC, enterprise risk management, or cybersecurity governance roles. In-depth knowledge of risk management principles, compliance frameworks, and governance structures. Certifications such as CISA, CRISC, CISM, CISSP, CGEIT, or ISO 27001 Lead Auditor / Implementer preferred. Experience with GRC tools and platforms is highly desirable.

Skills :

Strong analytical thinking and problem-solving skills. Excellent communication, facilitation, and stakeholder engagement abilities. Proven ability to influence cross-functional teams and drive organizational change. Strategic mindset with the ability to manage both details and the bigger picture.

Governance Compliance • Anaheim, CA, United States