Technical Governance, Risk, & Compliance Manager jobs in United States

CBIZ · 7 hours ago

Technical Governance, Risk, & Compliance Manager

CBIZ Inc. is a leading professional services advisor to middle market businesses and organizations nationwide. They are seeking a Technical Governance, Risk, and Compliance Manager to drive the maturity of their enterprise GRC program, focusing on aligning security risk and controls with business outcomes while ensuring compliance across the organization.

Bookkeeping and Payroll, Management Consulting, Professional Services, Small and Medium Businesses

H1B Sponsor Likely

Hiring Manager: Catherine Richenburg

Responsibilities

Strategize and Lead: Maintain enterprise GRC strategy aligned with public company compliance requirements including SOX, SEC cybersecurity rule, SOC 2, NIST CSF, and other regulatory obligations (e.g., HIPAA, PCI DSS, depending on vertical)
Drive Technical Risk Management: Proactively identify, assess, and track cyber and IT risks across infrastructure, applications, and cloud environments (AWS, Azure, GCP). Maintain a living risk register and coordinate technical risk mitigation strategies with Engineering and Cloud Security teams
Implement and Scale GRC Tooling: Deploy and optimize modern GRC platforms for automation, real-time dashboards, control testing, evidence collection, and reporting
Security Policy Governance: Author and maintain high-quality security policies, standards, and procedures mapped to control frameworks. Ensure policies are reviewed regularly and implemented effectively
Third-Party Risk Oversight: Lead a mature third-party risk management (TPRM) program, including onboarding security reviews, periodic assessments, and ongoing monitoring
Metrics and Reporting: Develop and maintain Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs). Provide clear, actionable reporting on GRC posture and control effectiveness
Audit & Regulatory Engagement: Partner with Internal Audit and Legal to support annual audits, security attestations (SOC 2 Type II) and new regulatory
Security Awareness & Culture: Manage robust security awareness programs and phishing simulations to increase employee vigilance and reduce human risk factors
IAM & Data Governance: Support governance of Identity & Access Management (IAM) processes, data classification models, and Data Loss Prevention (DLP) controls, ensuring alignment with zero trust principles
Lead Security Committees: Facilitate security steering committee meetings to align risk decisions with organizational goals, track remediation, and drive ownership across departments
Emerging Trends: Monitor evolving regulatory landscapes, GRC technology trends (e.g., AI-powered compliance), and threat intelligence to continuously enhance the GRC program

Qualification

GRC strategy, Technical Risk Management, GRC Tooling, Security Policy Governance, Third-Party Risk Management, CISSP, CISA, CRISC, CISM, IAM, DLP, Cloud Security, People Management, Communication Skills, Collaboration, Mentoring

Preferred

Bachelor's degree in Cybersecurity, Computer Science, Information Systems, Risk Management, or 10 years professional experience in GRC or Information Security Management in a highly regulated enterprise (preferably finance, banking, or a publicly traded company)
At least one of the following certifications (must be active): CISSP, CISA, CRISC, CISM, CIPT, CIPP/US, ISO 27001 Lead Implementer
Demonstrated ability to lead cross-functional teams and influence stakeholders at all levels, including executives
Strong people management skills, with experience mentoring team members, managing performance, and fostering a collaborative, high-accountability culture
Strong experience with multiple frameworks and standards: SOC 2, NIST CSF, SOX, PCI, HIPAA
Demonstrated success leading third-party risk assessments, policy governance, and enterprise risk management programs in hybrid and cloud-native environments, with a focus on reducing vendor risk, ensuring compliance, and aligning with business objectives
Demonstrated ability to communicate with technical engineers and translate complex technical risk into business impact for executive audiences
Excellent written and verbal communication skills for collaborating with senior stakeholders, internal auditors, and external regulators
Strong understanding of IAM, DLP, vulnerability management, and cloud security practices
Passion for staying current with cybersecurity regulations, threat landscapes, and GRC best practices
Bachelor's degree or equivalent experience required
At least 6 years of related experience required
Minimum 3 years of supervisory experience required
A degree in Information Technology, Computer Systems Analysis, or Management Information Systems is preferred
PMP preferred
Demonstrated knowledge of healthcare industry regulations, policies, and procedures
Demonstrated knowledge and experience working with business stakeholders and leaders, IT project planning, delivery, and execution using Traditional and Agile SDLC methodologies
Experience with VSTS, Jira, and/or other team/project collaboration tools
Ability to work in and lead a team, while communicating and coordinating with peer teams
Ability to formulate, document and recommend new policies and procedures
Demonstrated ability to communicate verbally and in writing throughout all levels of an organization, both internally and externally
Ability to travel as required by business and on-call availability
Ability to lift up to 50 lbs

Company

CBIZ through its subsidiaries, provides professional business services primarily to small and medium-sized businesses, individuals,

H1B Sponsorship

CBIZ has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)
Trends of Total Sponsorships (number of sponsorships per year):
2025 (1)
2023 (1)
2022 (1)
2020 (2)

Funding

Current Stage: Public Company
Total Funding: unknown
2003-06-04: Acquired
1995-05-05: IPO

Leadership Team

Brad Lakhia, Senior Vice President & Chief Financial Officer
Ware H. Grove, SVP & CFO
Company data provided by crunchbase