Title: GRC Lead
Location: 100% remote within EST time zone (NY, NJ, CT, PA) - local candidates preferred
Duration: 3+ month contract-to-hire
Overview:
We are seeking an experienced and hands-on GRC Lead to help build and mature our Governance, Risk, and Compliance program. This individual will play a critical role in aligning risk and compliance efforts with regulatory frameworks and internal information security standards. The right candidate will be proactive, highly organized, and ready to take ownership from day one.
Why This Role Is Critical:
- Aligns the program with regulatory requirements and control frameworks such as GDPR, NYDFS, CCPA, PIPEDA, DORA, ISO standards, and CIS Controls
- Supports control validation and compliance across IT and information security (e.g., SOX controls, CIS Benchmarks)
- Captures and formalizes key processes and team knowledge
- Addresses current gaps within the GRC control environment and improves program effectiveness
Role Summary:
The GRC Lead will spearhead the formation of a formal GRC function, driving initial assessments, remediation strategies, and long-term planning. Within the first 90 days, the successful candidate will deliver a comprehensive evaluation of the current state, identify areas for improvement, and begin laying the foundation for sustainable GRC operations.
Responsibilities:
- Oversee and maintain the IT and Information Security risk register
- Lead business continuity efforts, including recertification processes
- Manage the development, review, and maintenance of security policies, standards, and exception workflows
- Own and evolve the Third-Party Risk Management (TPRM) process
- Collaborate with InfoSec and Data Security teams to integrate risk controls and processes
- Support and refine change management protocols
- Coordinate internal and external audit activities and remediation
- Evaluate, recommend, and implement a new GRC tool to support ongoing program needs
Required Experience & Skills:
- 5–8 years of experience in GRC, risk management, or data governance
- Familiarity with GRC platforms and related toolsets
- Proven ability to conduct risk assessments and translate regulatory requirements into operational controls
- Strong background in project execution and process development
- Working knowledge of global and industry-specific regulatory requirements
- Prior experience supporting or leading external audit engagements