Governance Risk & Compliance (GRC) Manager

Title: Governance Risk & Compliance (GRC) Manager

State Role Title: Salary Non-Specified

Hiring Range: $148,496 - $165,000

Pay Band: UG

Agency: Virginia Retirement System

Location: Virginia Retirement System

Agency Website: www.varetire.org/careers

Recruitment Type: General Public - G

Job Duties

The GRC Manager plays a critical role in developing and maintaining a robust security framework that supports the organization’s risk management and compliance objectives. This position is responsible for identifying, assessing, mitigating, and monitoring risks across the enterprise while ensuring adherence to applicable laws, regulations, and internal policies. 

This role requires a strategic thinker with strong leadership skills and a deep understanding of information security, risk management, and regulatory compliance.

Essential functions include but not limited to:

Risk Assessment and Management:
• Conduct regular risk assessments across all organizational functions to identify potential risks and their impact.
• Prioritize risks based on severity and likelihood and develop mitigation strategies.
• Maintain a risk register to track identified risks, mitigation actions, and progress.
• Perform security reviews on VRS systems to ensure CIA best practices are being followed and maintained.

Compliance Management:
• Monitor compliance with applicable laws, regulations, and COV controls.
• Develop and implement compliance policies and procedures.
• Conduct compliance audits and reviews to identify gaps and ensure adherence.
• Conduct quality assurance reviews and assess compliance with policies and standards.
• Coordinate the Security Teams response to audit request.
• Proactively monitor for potential audit points or issues. Remediate before they become audit findings.

Governance Framework:
• Establish and maintain a robust governance framework, including clear roles and responsibilities for risk management.
• Facilitate communication and collaboration between different departments regarding risk and compliance matters.
• Develop key performance indicators (KPIs) to measure the effectiveness of GRC initiatives.
• Defines, updates and enforces security policies to reduce risk.
• Performs and approves security reviews and recommendations on proposed and new software and hardware solutions.

Reporting and Communication:
• Prepare regular reports on risk and compliance status for management.
• Communicate critical risk issues and mitigation plans to relevant stakeholders.
• Provide training and awareness programs on GRC policies and procedures
• Report metrics on compliance adherence.
• Develop and enforce Information Security principles and policies (such as, COV Security Policies, HIPPA, NIST 800-53 standards.
• Participate in on-call rotation that provides security support outside of normal business hours
• All other duties as assigned.

Minimum Qualifications

Bachelor’s degree in computer science or a closely related field.

Ten (10) years of experience in Governance Risk and Compliance with at least 5 years in a management role or an equivalent combination of education and experience.

Additional Considerations

Experience in a financial organization preferred.

Certification such as ISC2 CISSP, CGRC or equivalent security certifications preferred.

Prior experience as an ISSO or BISO preferred.

Special Instructions

You will be provided a confirmation of receipt when your application and/or résumé is submitted successfully. Please refer to “Your Application” in your account to check the status of your application for this position.

Contact Information

Name: Human Resources

Email: careers@varetire.org

In support of the Commonwealth’s commitment to inclusion, we are encouraging individuals with disabilities to apply through the Commonwealth Alternative Hiring Process. To be considered for this opportunity, applicants will need to provide their AHP Letter (formerly COD) provided by the Department for Aging & Rehabilitative Services (DARS), or the Department for the Blind & Vision Impaired (DBVI). Service-Connected Veterans are encouraged to answer Veteran status questions and submit their disability documentation, if applicable, to DARS/DBVI to get their AHP Letter. Requesting an AHP Letter can be found at AHP Letter or by calling DARS at 800-552-5019.

Note: Applicants who received a Certificate of Disability from DARS or DBVI dated between April 1, 2022- February 29, 2024, can still use that COD as applicable documentation for the Alternative Hiring Process.