IT Governance, Risk, and Compliance (GRC) leader

Type: Contract
Location: Lewisville, TX
Category: IT Security / Risk

  • Contract Role
  • Hybrid Role, 3 days a week onsite in Lewisville, TX

We are looking for a hands-on IT Governance, Risk, and Compliance (GRC) leader who is ready to roll up their sleeves and build a successful IT GRC program from the ground up. This position is ideal for someone who thrives in dynamic environments and can take initiative to develop, implement, and refine processes where none currently exist. You’ll need to assess the current state, identify gaps, fix issues, and track improvements while driving continuous evolution of IT GRC practices. The successful candidate will actively lead and do, not just manage, ensuring compliance, mitigating risks, and improving overall GRC processes in a fast-paced, growing organization.

Key Responsibilities:

  • Drive the IT GRC program forward, working closely with stakeholders to establish and implement foundational processes.
  • Perform risk assessments, identify vulnerabilities, and actively work to mitigate risks to ensure compliance with regulations, internal policies, and industry standards.
  • Work directly with process owners, auditors (internal and external), and other stakeholders to develop and refine processes, resolve findings, and ensure continuous improvement.
  • Lead the management of ISO 27001 and SOC 2 compliance programs, ensuring practical, actionable steps are taken to meet these standards.
  • Actively engage in risk management initiatives, updating and refining playbooks to reflect current industry standards, regulatory requirements, and best practices.
  • Conduct regular compliance audits, including monitoring third-party audits, to ensure cybersecurity and other regulatory requirements are met.
  • Continuously track compliance using key cybersecurity metrics and KPIs, ensuring that all relevant compliance targets are achieved and maintained.
  • Develop and implement strategies that enhance the organization’s use of data, including improving data governance and technology adoption.
  • Own the creation and maintenance of critical documentation such as data dictionaries, compliance reports, and action plans.
  • Identify areas for improvement in existing IT GRC processes, actively address shortcomings, and develop and execute actionable remediation plans.
  • Stay ahead of emerging trends in IT GRC, assessing new technologies and regulatory changes to ensure the program evolves alongside the industry.

Qualifications:

  • Bachelor's degree in Information Technology, Computer Science, or a related field.
  • Proven hands-on experience in IT governance, risk management, and compliance in a fast-paced, evolving environment.
  • Solid understanding of key regulatory frameworks, such as HIPAA, ISO standards, PCI, SOC 2, GDPR, and CCPA.
  • Strong ability to collaborate cross-functionally to drive compliance initiatives and gain buy-in from various teams.
  • Ability to think strategically, while also being deeply involved in the tactical execution of IT GRC processes.
  • Excellent communication skills with the ability to clearly articulate complex issues and provide practical solutions.
  • Strong analytical and problem-solving skills, with a track record of identifying issues and driving resolution.
  • Proven experience with data governance, data quality management, and supporting data privacy initiatives.
  • Experience with incident response and disaster recovery planning in the context of cybersecurity.

Preferred Skills:

  • Relevant certifications such as CISA, CISM, CRISC, or CISSP are a plus.
  • Experience working in environments without formal processes, and the ability to develop and implement those processes from scratch.

This is a highly dynamic, hands-on position where you’ll be key in shaping the future of the IT GRC framework. If you're a self-starter who enjoys taking on a challenge and has a passion for creating effective solutions in an evolving space, we encourage you to apply!