GRC Director
Remote, United States
Cielo Projects
Cielo is the leading global Talent Acquisition Partner. With better experience, experts & technology, we illuminate talent wherever it’s found.
Company Description
Elite is the leading global provider of innovative business management solutions that enable law firms and professional services organizations to streamline operations, maximize efficiency, and increase visibility into all aspects of their businesses. Our Company is focused on enabling firms of all sizes and locations to meet their true potential and provide the best service for their clients.
Job Description
Reporting directly to the Head of Information Security, the Director, Governance, Risk, and Compliance (GRC) plays an instrumental role in guiding the company's GRC strategies and processes. As the primary GRC authority, this leader ensures the alignment of the company's risk management framework with its business objectives and regulatory requirements. A vital addition to the GRC team, the Director significantly contributes to the company's overall strategy and goals by establishing robust compliance mechanisms and effective risk mitigation measures.
The successful candidate will possess a balanced combination of deep technical expertise and an established background in GRC. This role demands comprehensive knowledge, particularly in the areas of corporate governance, risk management, regulatory compliance, and the creation of enterprise-wide GRC policies. The Director of GRC should be equipped to identify and address potential vulnerabilities while proactively enhancing the company's overall GRC posture.
WHAT YOU’LL DO
Strategy Development: Define, develop, and oversee the implementation of the GRC strategy aligned with the company's business goals and legal requirements.
Policy & Procedure Management: Develop, maintain, and oversee GRC policies and procedures to ensure they are in accordance with applicable laws, regulations, and industry standards, including but not limited to GDPR, CCPA, HIPAA, and SOX.
Risk Management: Identify, assess, and monitor enterprise risks, including strategic, operational, financial, privacy, and cybersecurity risks. Implement risk mitigation strategies and mechanisms to address identified risks and potential non-compliance.
Data Privacy: Ensure compliance with global data privacy and protection regulations, including GDPR in Europe and CCPA in California, through the creation and maintenance of robust data handling and privacy policies.
Regulatory Compliance: Maintain a current understanding of relevant laws and regulations to ensure the organization achieves and sustains compliance. Proactively monitor and respond to regulatory changes and updates.
GRC Reporting: Create comprehensive GRC reports for the executive leadership and board of directors that provide clear insights into the company's risk profile, compliance status, and governance effectiveness.
Training & Awareness: Oversee the creation and implementation of a GRC awareness and training program to ensure that employees are aware of the role they play in maintaining good governance and compliance.
Third-party Management: Manage and monitor the GRC aspects of third-party relationships to ensure that vendors and partners are adhering to the company's GRC policies and relevant regulations.
Audit Management: Coordinate with internal and external auditors to facilitate audits, with the goal of assuring compliance and addressing potential issues proactively.
Incident Response: Develop and implement an incident response plan to handle GRC-related incidents effectively, including data breaches or non-compliance events.
Continuous Improvement: Regularly review and refine the company's GRC practices, leveraging technology and industry best practices to drive efficiency and effectiveness.
Qualifications
WHAT YOU’LL NEED
Bachelor of Science degree in Information Security or a related field, or equivalent years of experience
CISSP, CISA, Security+, CED, CIH+ or related certification in security operations and engineering
Ten or more years of experience in Information Security, working with GRC tools and methodology
In-depth Knowledge of Relevant Laws and Regulations: This includes an understanding of data protection laws such as GDPR and CCPA, as well as other regulatory frameworks relevant to the specific industry and location of the business.
Risk Management Skills: Ability to identify, analyze, and effectively mitigate or manage enterprise risks. Familiarity with risk management frameworks and methodologies is essential.
Strategic Thinking and Leadership: Strong ability to lead and manage the GRC function, develop and execute strategic plans, and guide the organization towards its GRC objectives.
Communication and Presentation Skills: Excellent written and verbal communication skills, with the ability to present complex GRC issues and strategies clearly to various stakeholders, including the executive team and board of directors.
Analytical Skills: Strong ability to analyze complex data, interpret compliance requirements, and develop effective solutions.
Project Management Skills: Proficiency in planning, executing, and monitoring multiple projects simultaneously to ensure they are completed on time and within budget.
Negotiation and Influencing Skills: Ability to negotiate with, influence, and secure buy-in from various stakeholders, both internal and external, to achieve GRC objectives.
IT Proficiency: Familiarity with the use of GRC technology solutions, as well as a broad understanding of information security principles and best practices.
Continuous Learning: A commitment to keeping up to date with the latest developments in the GRC field, including evolving laws and regulations, emerging risks, and best practices in GRC management.
Additional Information
As a global business, we rely on diversity of culture and thought to deliver on our goals. To ensure we can do that, we seek talented, qualified employees in all our operations around the world regardless of race, color, sex/gender, including pregnancy, gender identity and expression, national origin, religion, sexual orientation, disability, age, marital status, citizen status, veteran status, or any other protected classification under applicable law. We are proud to be an Equal Employment Opportunity/Affirmative Action Employer providing a drug-free workplace.
We also provide reasonable accommodation for qualified individuals with disabilities and for sincerely held religious beliefs in accordance with applicable law.
Tags: Audits CCPA CISA CISSP Compliance GDPR Governance HIPAA Incident response Monitoring Privacy Risk management Strategy Vulnerabilities
Perks/benefits: Career development Team events