Information Technology Governance, Risk, and Compliance Manager

the IT Governance, Risk, and Compliance (GRC) Manager at ALJ Enterprises, you will be responsible for ensuring the effective management and oversight of IT governance, IT risk management, and IT compliance activities across the organization.

You will play a critical role in establishing and maintaining a robust framework for identifying, assessing, and mitigating IT-related risks, as well as ensuring compliance with relevant regulations and industry standards.

Additionally, you will lead efforts to continuously improve and optimize IT GRC processes and procedures to enhance the overall security posture of the organization.

Responsibilities:

• Develop and implement an IT GRC framework, policies, and procedures to manage IT-related risks effectively and ensure compliance with regulatory requirements and industry standards.
• Establish and maintain an IT risk management program that includes risk identification, assessment, prioritization, mitigation, and monitoring.
• Conduct regular IT and Digital risk assessments and gap analyses to identify potential vulnerabilities and areas for improvement.
• Collaborate with IT, Digital, Innovation, and business stakeholders to define and implement controls and mitigation strategies to address identified risks.
• Monitor regulatory developments and industry trends to ensure ongoing compliance with relevant laws, regulations, and best practices.
• Oversee the execution of IT compliance activities, including audits, assessments, and certifications, to validate adherence to established policies and standards.
• Provide guidance and support to IT teams and business units on GRC-related matters, including risk identification, assessment methodologies, and compliance requirements.
• Develop and deliver training programs and awareness initiatives to promote a culture of compliance and risk awareness across the organization.
• Manage relationships with internal and external auditors, regulators, and other third-party stakeholders involved in IT GRC activities.
• Lead incident response and remediation efforts in coordination with relevant stakeholders to address security incidents and compliance violations.