03 Sep 2025
Position: GRC Program Manager
Department: Governance, Risk, and Compliance (GRC)
Location: Hybrid – St. Petersburg, Florida
Type: Full-Time
Overview
We are seeking a dynamic and results-oriented GRC Program Manager to lead our organization’s governance, risk, and compliance initiatives. This individual will design, implement, and mature an enterprise-wide GRC program that aligns with regulatory requirements, industry best practices, and business objectives.
The ideal candidate will bring 10+ years of managerial experience in GRC or related fields, possess strong technical expertise paired with business acumen, and have the right attitude to grow into a client-facing, executive-level role. This role requires a strategic leader who can close deals, communicate confidently with C-level executives, and guide teams through complex compliance and risk initiatives while fostering a culture of security, compliance, and accountability.
Key Responsibilities
Program Management
Develop, implement, and continuously improve the organization’s GRC program, policies, and processes.
Manage and drive multiple compliance initiatives simultaneously (e.g., CMMC, NIST 800-171, ISO 27001, SOC 2, HIPAA, GDPR).
Define program milestones, KPIs, and success metrics; ensure on-time delivery of all initiatives.
Integrate risk and compliance considerations into strategic and operational decision-making processes.
Governance & Compliance
Maintain compliance roadmaps aligned with organizational and regulatory goals.
Oversee audits, assessments, and certifications, coordinating with internal stakeholders and external assessors.
Develop and maintain comprehensive documentation including policies, procedures, control matrices, and system security plans.
Lead compliance awareness and training initiatives across the organization.
Risk Management
Identify, assess, and monitor organizational risks across business and IT environments.
Maintain and update the enterprise risk register; develop risk mitigation strategies.
Deliver executive-level reporting on compliance posture and risk exposure.
Collaboration & Leadership
Act as the primary liaison between executive leadership, technical teams, clients, and external auditors.
Mentor junior analysts and team members to develop internal GRC expertise.
Represent the organization with professionalism in client meetings and executive discussions.
Collaborate with business development teams to support deal closures and communicate compliance value to prospective clients.
Qualifications
Required
Bachelor’s degree in Information Security, Business, Risk Management, or related field.
10+ years of managerial experience in GRC, compliance, or risk management roles.
Strong knowledge of regulatory frameworks (CMMC, NIST 800-171, ISO 27001, SOC 2, HIPAA, GDPR).
Proven experience leading enterprise compliance projects and managing cross-functional teams.
Ability to work with C-level executives and communicate effectively with both technical and non-technical audiences.
Technical experience in IT, cybersecurity, or audit combined with business acumen.
Strong organizational, analytical, and problem-solving skills with the ability to drive results independently.
Preferred
Relevant certifications such as CISA, CISM, CISSP, CRISC, CGEIT, Certified CMMC Assessor.
Experience in highly regulated industries (defense, finance, healthcare).
Entrepreneurial mindset with the ability to support business growth initiatives.
A client-facing attitude with the potential to grow into a leadership or executive role.
Key Attributes
Strategic Thinker: Able to align GRC efforts with business goals.
Results-Oriented Leader: Focused on outcomes, not just processes.
Excellent Communicator: Comfortable presenting to executives and external stakeholders.
Collaborative Mentor: Willing to coach and develop junior talent.
Adaptable & Entrepreneurial: Comfortable in a fast-paced, growing organization with evolving priorities.