Governance, Risk and Compliance (GRC) Lead - 249079
Medix Technology
United States, Full Time
Job Description
We are seeking a GRC Lead to drive regulatory compliance, governance, and risk management initiatives across the organization. This role will focus heavily on PCI compliance, while also supporting HIPAA, GDPR, and Third-Party Risk Management (TPRM) programs. The ideal candidate has experience operationalizing compliance frameworks, conducting internal audits, managing vendor risk, and supporting enterprise security governance.
Key Responsibilities
Compliance & Regulatory Programs
- Lead initiatives to achieve and maintain PCI Level 4 compliance, including control implementation, documentation, and audit readiness.
- Support compliance programs aligned with HIPAA security requirements and GDPR privacy regulations.
- Assist with international privacy and regulatory readiness related to global partnerships.
- Maintain and update the enterprise risk register, including risk identification, prioritization, and mitigation planning.
- Develop and maintain security policies, standards, and compliance documentation.
- Support quarterly reporting activities including compliance metrics, risk updates, and executive dashboards.
Third-Party Risk Management (TPRM)
- Oversee vendor security reviews and third-party risk assessments.
- Manage ongoing monitoring of vendors to ensure adherence to security and compliance requirements.
Internal Audits & Security Reviews
- Conduct internal audits and access reviews, including Active Directory account and system-level access assessments.
- Track remediation efforts and support follow-up activities related to compliance gaps or audit findings.
Program Coordination
- Coordinate with managed service providers (MSPs) supporting operational security tasks.
- Assist with incident response coordination, penetration testing follow-up, and remediation tracking when required.
Required Qualifications
- Experience working within Governance, Risk, and Compliance (GRC) programs.
- Strong knowledge of PCI DSS, with experience supporting or leading PCI compliance initiatives.
- Familiarity with HIPAA and GDPR regulatory requirements.
- Experience conducting internal audits, access reviews, and vendor risk assessments.
- Ability to communicate compliance risks and program updates to both technical teams and leadership.
Preferred Qualifications
- Experience with Third-Party Risk Management (TPRM) programs.
- Familiarity with security frameworks such as NIST or ISO 27001.
- Experience supporting global privacy or international regulatory compliance efforts.
Posted March 15, 2026