Technical Governance, Risk, & Compliance Manager

About the position CBIZ, Inc. is a leading professional services advisor to middle market businesses and organizations nationwide. With unmatched industry knowledge and expertise in accounting, tax, advisory, benefits, insurance, and technology, CBIZ delivers forward-thinking insights and actionable solutions to help clients anticipate what's next and discover new ways to accelerate growth. CBIZ has more than 10,000 team members across more than 160 locations in 22 major markets coast to coast. CBIZ strives to be our team members' employer of choice by creating an environment where team members are appreciated, recognized for their contributions, and provided with opportunities to grow, both personally and professionally, throughout their careers. We are seeking a highly skilled and forward-thinking Technical Governance, Risk, and Compliance (GRC) Manager to drive the maturity of our enterprise GRC program within a publicly traded, technology-driven organization. This position is ideal for a proven GRC leader with a deep understanding of information security frameworks, cloud compliance, automation-driven GRC tooling, and regulatory alignment for public companies. The ideal candidate will bring a technical-first mindset, a strong grasp of emerging threats, and practical experience aligning security risk and controls with business outcomes in complex environments. You will work cross-functionally with InfoSec, Engineering, Legal, and Internal Audit teams to establish scalable governance processes, reduce enterprise risk, and ensure compliance across the digital and physical estate.

Responsibilities

• Maintain enterprise GRC strategy aligned with public company compliance requirements including SOX, SEC cybersecurity rule, SOC 2, NIST CSF, and other regulatory obligations.
• Proactively identify, assess, and track cyber and IT risks across infrastructure, applications, and cloud environments (AWS, Azure, GCP).
• Deploy and optimize modern GRC platforms for automation, real-time dashboards, control testing, evidence collection, and reporting.
• Author and maintain high-quality security policies, standards, and procedures mapped to control frameworks.
• Lead a mature third-party risk management (TPRM) program, including onboarding security reviews, periodic assessments, and ongoing monitoring.
• Develop, maintain, Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs).
• Partner with Internal Audit and Legal to support annual audits, security attestations (SOC 2 Type II) and new regulatory.
• Manage robust security awareness programs and phishing simulations to increase employee vigilance and reduce human risk factors.
• Support governance of Identity & Access Management (IAM) processes, data classification models, and Data Loss Prevention (DLP) controls.
• Facilitate security steering committee meetings to align risk decisions with organizational goals, track remediation, and drive ownership across departments.
• Monitor evolving regulatory landscapes, GRC technology trends, and threat intelligence to continuously enhance the GRC program.

Requirements

• Bachelor's degree in Cybersecurity, Computer Science, Information Systems, Risk Management, or 5+ years professional experience in GRC or Information Security Management in a highly regulated enterprise.
• At least one of the following certifications (must be active): CISSP, CISA, CRISC, CISM, CIPT, CIPP/USISO 27001 Lead Implementer.
• Demonstrated ability to lead cross-functional teams and influence stakeholders at all levels, including executives.
• Strong people management skills, with experience mentoring team members, managing performance, and fostering a collaborative, high-accountability culture.
• Strong experience with multiple frameworks and standards: SOC 2, NIST CSF, SOX, PCI, HIPAA.
• Demonstrated success leading third-party risk assessments, policy governance, and enterprise risk management programs.
• Demonstrated ability to communicate with technical engineers and translate complex technical risk into business impact for executive audiences.
• Excellent written and verbal communication skills for collaborating with senior stakeholders, internal auditors, and external regulators.
• Strong understanding of IAM, DLP, vulnerability management, and cloud security practices.
• Passion for staying current with cybersecurity regulations, threat landscapes, and GRC best practices.

Apply tot his job Apply To this Job