Manager - Governance, Risk and Compliance (GRC)

Orlando, Florida, United States

Holiday Inn Club Vacations

Create priceless memories on your next fun-filled family vacation at Holiday Inn Club Vacations. Enjoy spacious villas & relaxation at destinations across the US.


At Holiday Inn Club Vacations, we believe in strengthening families. And we look for people who exhibit the courage, caring and creativity to help us become the most loved brand in family travel. We’re committed to growing our people, memberships, resorts and guest love. That’s why we need individuals who are passionate in life and bring those qualities to work every day. Do you instill confidence, trust and respect in those around you? Do you encourage success and build relationships? If so, we’re looking for you.

Holiday Inn Club Vacations is seeking a highly motivated and detail-oriented Manager of Governance, Risk and Compliance to lead the development, implementation, and maturation of our enterprise GRC program. Reporting to Information Security leadership, you will oversee a team of GRC specialists and drive strategic initiatives across Third-Party Risk Management (TPRM), PCI DSS 4.0 compliance, NIST Cybersecurity Framework adoption, IT General Controls (ITGC), Vulnerability Management, and Risk Assessment. The ideal candidate is a proven GRC leader with experience in regulated environments, an expert in PCI DSS 4.0, NIST, and TPRM lifecycle management, and a strong people manager with strategic vision and operational execution skills.


ESSENTIAL DUTIES:


Program Leadership & Strategy:
• Develop and execute the GRC roadmap aligned with business objectives.
• Lead, mentor, and manage a team of GRC specialists (direct reports).
• Oversee GRC budget, tooling (e.g., ServiceNow GRC), and vendor relationships.
Team & Operational Management:
• Assign tasks, conduct performance reviews, and develop GRC staff.
• Drive GRC projects (e.g., tool implementation, framework adoption).
• Provide training to technology/business teams on GRC processes.
Governance & Compliance:
• Own PCI DSS 4.0 compliance, including audits, evidence collection, and remediation.
• Maintain policies/standards for NIST CSF, NIST 800-53, IT General Controls (ITGC), and data privacy.
• Coordinate internal/external audits (SOX, ISO 27001) and regulatory examinations.
Third-Party Risk Management (TPRM):
• Oversee end-to-end vendor risk lifecycle: due diligence, contracts, assessments, and remediation.
• Collaborate with Legal, Procurement, and business units on high-risk vendor management.
Risk Management & Assessments:
• Direct enterprise risk assessments and threat modeling.
• Manage the risk register, KRIs, and executive risk reporting.
• Integrate vulnerability scanner data (e.g., Rapid7, Qualys, Tenable) into risk prioritization.
Cross-Functional Collaboration & Leadership:
• Serve as a liaison between Cybersecurity, Technology, Legal, Risk, and business units to support security and compliance goals.
• Oversee and lead GRC-related projects and initiatives, ensuring on-time delivery and alignment with organizational objectives.
• Provide guidance, training, and mentorship to GRC Specialists and other technology staff.


REQUIREMENTS:
• Bachelor’s degree in Cybersecurity, Risk Management, Business, or a related field, or equivalent experience.
• 5–7 years in GRC, IT audit, or information security roles.
• 2+ years managing direct reports.
• Hands-on experience with PCI DSS, NIST CSF, NIST 800-53, and ITGC.
• Experience in hospitality, timeshare, or financial services.


PROFESSIONAL SKILLSET QUALIFICATIONS:
• Expertise in GRC platforms (e.g., ServiceNow GRC, AuditBoard, Archer).
• Proficiency in vulnerability management (Qualys, Tenable, Rapid7).
• Knowledge of cloud security (AWS/Azure), data privacy laws (CCPA, GDPR), PCI DSS 4.0, and SOX.
Certifications:
• Certified Information Systems Auditor (CISA)
• Certified Information Security Manager (CISM)
• Certified in Risk and Information Systems Control (CRISC)
• PCI Professional (PCIP) or PCI Internal Security Assessor (ISA)
• CISSP or equivalent
Leadership & Management:
• Ability to build high-performing teams.
• Strategic thinker able to align GRC initiatives with business goals.
• Excellent verbal and written communication skills.
• Ability to manage multiple projects and priorities.
• Collaborative mindset with the ability to influence cross-functional teams.
• Strong attention to detail and a commitment to continuous improvement.
• Direct management of 2–4 GRC Specialists/Analysts, including hiring, training, performance management, and workload allocation.


Tags: Audits AWS Azure CCPA CISA CISM CISSP Cloud Compliance CRISC GDPR Governance ISO 27001 NIST NIST 800-53 PCI DSS Privacy Qualys Risk assessment Risk management SOX Strategy Vendor management Vulnerability management

Perks/benefits: Career development Travel

Region: North America
Country: United States
