What are the responsibilities and job description for the Governance Risk Compliance Senior Manager position at B12 Consulting?
Duties and Responsibilities:
Provide executive oversight of Governance, Risk & Compliance programs including policy governance, enterprise risk management, compliance frameworks, and change initiatives.
Direct and support the activities of the Manager of Governance, Manager of Risk & Compliance, and Manager of Change Management to ensure program integration, continuity, and effectiveness.
Ensure compliance with data security and assurance standards including PCI DSS, SOC 1, and SOC 2 by developing and maintaining relevant policies, controls, and audits.
Develop and maintain a comprehensive risk assessment and mitigation strategy for the company's Tolling Operations.
Oversee the third-party risk management (TPRM) program, conducting vendor due diligence, security assessments, and contract reviews to ensure appropriate risk controls are in place.
Collaborate with internal departments and external partners to improve operational governance and risk posture.
Lead strategic planning and reporting related to GRC objectives and performance metrics.
Support training, communication, and awareness programs to cultivate a risk-informed organizational culture. Participate in audit and incident response processes to ensure transparency and appropriate mitigation.
Knowledge, Skills and Abilities:
Expert knowledge of compliance and assurance frameworks including PCI DSS, SOC 1, and SOC 2 reporting requirements.
Extensive knowledge of risk management, compliance regulations, governance models, and change management frameworks.
Strong understanding of IT controls, data protection policies, and third-party risk.
Proven leadership and people management skills in cross-functional environments.
Excellent analytical, communication, and strategic planning skills with the ability to translate complex security and compliance issues into business-relevant language.
Deep understanding of public sector regulatory environments and operations.
Ability to build cross-functional relationships and lead multi-departmental initiatives.
Required Education/Experience:
Bachelor’s degree in Information Security, Risk Management, Business Administration, or related field.
5–7 years of progressive experience in GRC, compliance, audit, or risk management roles.
Minimum 2–3 years of direct experience managing PCI DSS and SOC 1 / SOC 2 compliance efforts.
Proven experience developing and managing vendor risk and third-party assessment programs.
Leadership or mentoring experience in a GRC or risk-focused role.
Preferred professional certifications, one or more of the following:
Master's degree
Certified Information Systems Auditor (CISA)
Certified in Risk and Information Systems Control (CRISC)
Certified Information Security Manager (CISM)
Certified Information Systems Security Professional (CISSP)
Certified in Governance of Enterprise IT (CGEIT)
PCI Professional (PCIP) or similar PCI-related certification