Technical Governance, Risk, & Compliance Manager

Cbiz

  • Cleveland, OH
  • Permanent
  • Full-time
  • 1 month ago
CBIZ, Inc. is a leading professional services advisor to middle market businesses and organizations nationwide. With unmatched industry knowledge and expertise in accounting, tax, advisory, benefits, insurance, and technology, CBIZ delivers forward-thinking insights and actionable solutions to help clients anticipate what's next and discover new ways to accelerate growth. CBIZ has more than 10,000 team members across more than 160 locations in 22 major markets coast to coast.CBIZ strives to be our team members’ employer of choice by creating an environment where team members are appreciated, recognized for their contributions, and provided with opportunities to grow, both personally and professionally, throughout their careers.We are seeking a highly skilled and forward-thinking Technical Governance, Risk, and Compliance (GRC) Manager to drive the maturity of our enterprise GRC program within a publicly traded, technology-driven organization. This position is ideal for a proven GRC leader with a deep understanding of information security frameworks, cloud compliance, automation-driven GRC tooling, and regulatory alignment for public companies.The ideal candidate will bring a technical-first mindset, a strong grasp of emerging threats, and practical experience aligning security risk and controls with business outcomes in complex environments. You will work cross-functionally with InfoSec, Engineering, Legal, and Internal Audit teams to establish scalable governance processes, reduce enterprise risk, and ensure compliance across the digital and physical estate.Essential Functions and Primary Duties:
  • Strategize and Lead: Maintain enterprise GRC strategy aligned with public company compliance requirements including SOX, SEC cybersecurity rule, SOC 2, NIST CSF, and other regulatory obligations (e.g., HIPAA, PCI DSS, depending on vertical).
  • Drive Technical Risk Management: Proactively identify, assess, and track cyber and IT risks across infrastructure, applications, and cloud environments (AWS, Azure, GCP). Maintain a living risk register and coordinate technical risk mitigation strategies with Engineering and Cloud Security teams.
  • Implement and Scale GRC Tooling: Deploy and optimize modern GRC platforms for automation, real-time dashboards, control testing, evidence collection, and reporting.
  • Security Policy Governance: Author and maintain high-quality security policies, standards, and procedures mapped to control frameworks. Ensure policies are reviewed regularly and implemented effectively.
  • Third-Party Risk Oversight: Lead a mature third-party risk management (TPRM) program, including onboarding security reviews, periodic assessments, and ongoing monitoring.
  • Metrics and Reporting: Develop, maintain, Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs). Provide clear, actionable reporting on GRC posture and control effectiveness.
  • Audit & Regulatory Engagement: Partner with Internal Audit and Legal to support annual audits, security attestations (SOC 2 Type II) and new regulatory.
  • Security Awareness & Culture: Manage robust security awareness programs and phishing simulations to increase employee vigilance and reduce human risk factors.
  • IAM & Data Governance: Support governance of Identity & Access Management (IAM) processes, data classification models, and Data Loss Prevention (DLP) controls, ensuring alignment with zero trust principles.
  • Lead Security Committees: Facilitate security steering committee meetings to align risk decisions with organizational goals, track remediation, and drive ownership across departments.
  • Emerging Trends: Monitor evolving regulatory landscapes, GRC technology trends (e.g., AI-powered compliance), and threat intelligence to continuously enhance the GRC program.
Preferred Qualifications:
  • Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, Risk Management, or 5+ years professional experience in GRC or Information Security Management in a highly regulated enterprise (preferably finance, banking, or a publicly traded company).
  • At least one of the following certifications (must be active): CISSP, CISA, CRISC, CISM, CIPT, CIPP/USISO 27001 Lead Implementer
  • Demonstrated ability to lead cross-functional teams and influence stakeholders at all levels, including executives.
  • Strong people management skills, with experience mentoring team members, managing performance, and fostering a collaborative, high-accountability culture.
  • Strong experience with multiple frameworks and standards: SOC 2, NIST CSF, SOX, PCI, HIPAA.
  • Demonstrated success leading third-party risk assessments, policy governance, and enterprise risk management programs in hybrid and cloud-native environments, with a focus on reducing vendor risk, ensuring compliance, and aligning with business objectives.
  • Demonstrated ability to communicate with technical engineers and translate complex technical risk into business impact for executive audiences.
  • Excellent written and verbal communication skills for collaborating with senior stakeholders, internal auditors, and external regulators.
  • Strong understanding of IAM, DLP, vulnerability management, and cloud security practices.
  • Passion for staying current with cybersecurity regulations, threat landscapes, and GRC best practices.
Minimum Qualifications Required:
  • College Degree or equivalent required
  • 8 years related experience
  • Strong technical knowledge
  • Proficient project management skills
  • Knowledge of industry regulations
  • Ability to lead and coordinate the team activities of others
  • Ability to formulate, document and recommend new policies and procedures
  • Able to manage a team
  • Demonstrated ability to communicate verbally and in writing throughout all levels of an organization, both internally and externally
  • Ability to travel as required by business and on-call availability
  • Ability to lift up to 50 lbs.
#LI-MM2 #LI-Hybrid

Cbiz