DailyPay - Remote, OR

posted about 2 months ago

Full-time - Mid Level
Remote - Remote, OR
Professional, Scientific, and Technical Services

About the position

DailyPay is seeking a Governance, Risk and Compliance Manager to develop, implement, and manage the organization's Governance, Risk, and Compliance (GRC) program, focusing on IT General Controls. This role is crucial for maintaining a secure and compliant IT environment, ensuring adherence to relevant laws and regulations while collaborating with cross-functional teams to align GRC initiatives with business objectives.

Responsibilities

  • Develop, implement, and maintain the organization's GRC framework to ensure compliance with relevant laws, regulations, and standards (e.g., SOX, ISO 27001, SOC2, GDPR, NIST, COBIT).
  • Collaborate with cross-functional teams to align governance, risk, and compliance initiatives with business objectives.
  • Design, implement, and oversee IT General Controls (ITGCs) related to access management, change management, data backups, incident response, and system development.
  • Monitor and evaluate the effectiveness of ITGCs to ensure they meet organizational needs and regulatory requirements.
  • Work with internal and external audit teams to support ITGC audits, providing necessary documentation and managing remediation efforts.
  • Perform regular IT risk assessments and maintain a risk register, identifying, prioritizing, and addressing IT-related risks.
  • Develop risk mitigation strategies and monitor risk remediation efforts to ensure continuous compliance and minimal exposure to vulnerabilities.
  • Advise leadership on risk exposure, necessary controls, and mitigation strategies.

Requirements

  • Bachelor's degree in Information Technology, Information Security, Risk Management, or a related field (or equivalent experience).
  • 5+ years of experience in IT governance, risk management, and compliance roles.
  • Proven experience with IT General Controls (ITGC), including access control, change management, and disaster recovery.
  • Strong understanding of regulatory frameworks such as SOX, ISO 27001, NIST, GDPR, and COBIT.
  • Experience managing IT audits and interfacing with internal and external auditors.
  • Certifications such as CISA, CRISC, CGEIT, or CISSP are highly desirable.
  • Excellent communication, leadership, and organizational skills.

Nice-to-haves

  • Experience in a highly regulated industry (e.g., finance, healthcare, or utilities).
  • Knowledge of enterprise risk management frameworks and tools.
  • Strong problem-solving skills and ability to work independently.

Benefits

  • Exceptional health, vision, and dental care.
  • Opportunity for equity ownership.
  • Life and AD&D, short- and long-term disability.
  • Employee Assistance Program.
  • Employee Resource Groups.
  • Fun company outings and events.
  • Unlimited PTO.
  • 401K with company match.