Position: GRC Program Manager
Department: Governance, Risk, and Compliance (GRC)
Location: Hybrid – St. Petersburg, Florida
Type: Full-Time

Overview

We are seeking a dynamic and results-oriented GRC Program Manager to lead our organization’s governance, risk, and compliance initiatives. This individual will design, implement, and mature an enterprise-wide GRC program that aligns with regulatory requirements, industry best practices, and business objectives.

The ideal candidate will bring 10+ years of managerial experience in GRC or related fields, possess strong technical expertise paired with business acumen, and have the right attitude to grow into a client-facing, executive-level role. This role requires a strategic leader who can close deals, communicate confidently with C-level executives, and guide teams through complex compliance and risk initiatives while fostering a culture of security, compliance, and accountability.

Key Responsibilities

Program Management

• Develop, implement, and continuously improve the organization’s GRC program, policies, and processes.

• Manage and drive multiple compliance initiatives simultaneously (e.g., CMMC, NIST 800-171, ISO 27001, SOC 2, HIPAA, GDPR).

• Define program milestones, KPIs, and success metrics; ensure on-time delivery of all initiatives.

• Integrate risk and compliance considerations into strategic and operational decision-making processes.

Governance & Compliance

• Maintain compliance roadmaps aligned with organizational and regulatory goals.

• Oversee audits, assessments, and certifications, coordinating with internal stakeholders and external assessors.

• Develop and maintain comprehensive documentation including policies, procedures, control matrices, and system security plans.

• Lead compliance awareness and training initiatives across the organization.

Risk Management

• Identify, assess, and monitor organizational risks across business and IT environments.

• Maintain and update the enterprise risk register; develop risk mitigation strategies.

• Deliver executive-level reporting on compliance posture and risk exposure.

Collaboration & Leadership

• Act as the primary liaison between executive leadership, technical teams, clients, and external auditors.

• Mentor junior analysts and team members to develop internal GRC expertise.

• Represent the organization with professionalism in client meetings and executive discussions.

• Collaborate with business development teams to support deal closures and communicate compliance value to prospective clients.

Qualifications

Required

• Bachelor’s degree in Information Security, Business, Risk Management, or related field.

• 10+ years of managerial experience in GRC, compliance, or risk management roles.

• Strong knowledge of regulatory frameworks (CMMC, NIST 800-171, ISO 27001, SOC 2, HIPAA, GDPR).

• Proven experience leading enterprise compliance projects and managing cross-functional teams.

• Ability to work with C-level executives and communicate effectively with both technical and non-technical audiences.

• Technical experience in IT, cybersecurity, or audit combined with business acumen.

• Strong organizational, analytical, and problem-solving skills with the ability to drive results independently.

Preferred

• Relevant certifications such as CISA, CISM, CISSP, CRISC, CGEIT, Certified CMMC Assessor.

• Experience in highly regulated industries (defense, finance, healthcare).

• Entrepreneurial mindset with the ability to support business growth initiatives.

• A client-facing attitude with the potential to grow into a leadership or executive role.

Key Attributes

• Strategic Thinker: Able to align GRC efforts with business goals.

• Results-Oriented Leader: Focused on outcomes, not just processes.

• Excellent Communicator: Comfortable presenting to executives and external stakeholders.

• Collaborative Mentor: Willing to coach and develop junior talent.

• Adaptable & Entrepreneurial: Comfortable in a fast-paced, growing organization with evolving priorities.