Director/Manager, GRC

The purpose of the Director/Manager GRC function is to provide highly skilled technical and information security expertise for the development and implementation of the information security risk management program.

Responsibilities require leadership and project management experience, as well as expertise to ensure effective system-wide security analysis; intrusion detection; standards and testing; risk assessment; awareness and education; and development of policies, standards, and guidelines.

The job description of a Director/Manager GRC can include the following:


  • Recommend programmatic and technical directions and operate with a high degree of independence in matters relating to the investigation, impact, and analysis of security incidents, decisions regarding risk, and measures for computer and network security.
  • Lead the development and implementation of the system-wide risk management function of the information security program to ensure information security risks are identified and monitored.
  • Internally assess, evaluate, and make recommendations to management regarding the adequacy of the security controls for the organization’s information and technology systems.
  • Lead the system-wide information security compliance program, ensuring IT activities, processes, and procedures meet defined requirements, policies, and regulations.
  • Develop and implement effective and reasonable policies and practices to secure protected and sensitive data.
  • Ensure information security and compliance with relevant legislation and legal interpretation.

Selection Criteria:

  • Bachelor’s degree in information technology or another related field.
  • <<x>> years of advanced IT skills with a high level of information security experience and expertise.
  • Knowledge of information security risk management frameworks and compliance practices.
  • Ability to develop security standards and guidelines based on best practices and industry standards.
  • Experience responding to, analyzing, and communicating information security incidents.
  • Excellent interpersonal, communication, and presentation skills, including formal report-writing.