Atlanta, Georgia, United States

GRC Manager

 Job Description:

About the Role

Merci Technologies is seeking an experienced GRC Manager to lead governance, risk, and compliance initiatives for one of our enterprise clients on a remote contract engagement. In this role, you will serve as the primary driver of the organization's GRC program — overseeing policy development, risk assessments, audit readiness, and regulatory compliance across a complex technology environment.

The GRC Manager will work closely with legal, IT security, operations, and executive leadership to ensure the organization maintains a strong and defensible compliance posture while enabling business objectives.

Responsibilities

  • Lead the design, implementation, and ongoing management of the enterprise GRC program including policies, standards, and procedures
  • Conduct and oversee enterprise risk assessments, identify control gaps, and develop risk treatment plans aligned to business priorities
  • Manage audit and assessment activities including SOC 2, ISO 27001, NIST CSF, CMMC, or equivalent frameworks
  • Develop and maintain the organization's risk register, tracking remediation progress and reporting status to senior leadership
  • Collaborate with IT, legal, and business teams to ensure compliance with applicable regulations including GDPR, CCPA, HIPAA, or industry-specific requirements
  • Oversee third-party vendor risk management activities including assessments, due diligence, and ongoing monitoring
  • Develop and deliver security awareness and compliance training programs for internal stakeholders
  • Prepare executive-level reports, dashboards, and presentations on risk posture, compliance status, and program maturity
  • Mentor and guide junior GRC analysts and contribute to team capability development
  • Stay current on emerging regulatory developments and industry best practices and translate them into actionable program updates

Required Qualifications

  • 7–10 years of experience in GRC, information security, or risk management roles with at least 2 years in a leadership or management capacity
  • Deep knowledge of GRC frameworks and standards including NIST CSF, NIST 800-53, ISO 27001, SOC 2, and CIS Controls
  • Hands-on experience managing compliance programs across regulated industries such as healthcare, finance, energy, or government
  • Strong understanding of third-party and vendor risk management practices
  • Experience leading internal and external audit engagements from preparation through closure
  • Excellent written and verbal communication skills with demonstrated ability to present to executive and board-level audiences
  • Strong project management skills with ability to manage multiple concurrent initiatives in a remote environment
  • Must be legally authorized to work in the United States without employer sponsorship

Preferred Qualifications

  • Active certifications such as CISA, CRISC, CISM, CISSP, or ISO 27001 Lead Auditor
  • Experience with GRC platforms such as ServiceNow GRC, Archer, OneTrust, or equivalent
  • Familiarity with CMMC, NERC CIP, or FedRAMP compliance requirements
  • Experience supporting M&A security due diligence or post-merger integration activities
  • Background working in a managed services or consulting environment
  Required Skills:

Readiness Hipaa Environment Reports Analysts Information Security Development Closure Management Skills Organization Due Diligence Training Programs Operations Compliance Energy ServiceNow Regulatory Compliance Consulting Healthcare Government Risk Management Communication Skills Integration Presentations Regulations Security Preparation Finance Design Business Project Management Training Leadership Communication Management