Governance Risk and Compliance Sr. Manager

We are seeking a highly skilled Global IT Governance Risk and Compliance Sr. Manager to join our IT team at our Assumption, IL facility. The ideal candidate will ensure that GPT's IT systems and processes meet legal, regulatory, and internal policy requirements through risk assessments, audits, documentation, policy development, and employee training. They will serve as a bridge between departments—aligning data protection controls with operations, supporting regulator interaction, and leading privacy and cybersecurity compliance functions.

They will manage data privacy initiatives from zero to full compliance, bringing together stakeholders, securing management buy‑in, and delivering GDPR and global privacy programs. They will proactively identify and mitigate privacy and security risks and vulnerabilities, strengthen organizational resilience, and build trust with customers, employees, and partners.

• Plan, coordinate, and implement GDPR projects including risk assessments, data mapping, DPIAs, and impact analysis.
• Lead cross-functional initiatives to ensure compliance with global privacy laws (GDPR, LGPD, CCPA, etc.).

• Plan, coordinate, and implement NIS2, NIST and other Cyber compliance projects.
• Work with vCISO and other outsourcing partners in the Cyber space to ensure compliance with different local legislation and standards.

• Develop, maintain, and continuously improve IT compliance policies, procedures, guidelines, and internal controls to support effective governance.
• Develop and maintain comprehensive IT compliance frameworks aligned with GDPR, ISO
  27001, NIST, NIS2, and SOX as applicable for the size of the organization.
• Implement and monitor security and privacy controls—including access management, encryption, logging, and data protection measures.
• Monitor regulatory changes and ensure compliance with new requirements.
• Ensure ‘secure by design' principles are applied across systems and projects.
• Support accurate maintenance of the IT asset inventory and compliance-related asset processes.

• Lead internal and external IT audits, regulatory reviews, and risk assessments.
• Produce compliance reports covering status, risk performance, KPIs, and audit findings.
• Build and maintain dashboards to track compliance obligations and remediation efforts.
• Act as point of contact with authorities and external auditors during reviews or investigations. (MB1)

• Ensure training plans and initiatives are sufficient for staff on compliance requirements, privacy principles, and IT policies to all staff levels.
• Develop ongoing awareness programs to embed a culture of compliance.

• Build IT risk management for the organization, defining roles and responsibilities, ensuring IT risks are categorized and managed.
• Build plans to create risk management standards, policies and procedures; work with vCISO to ensure all required documents and processes are defined.
• Work with senior leaders to develop a risk balanced approach, define actions and implement such.

• Investigate compliance breaches and monitor investigations of security incidents, ensuring root‑cause analysis and corrective action.
• Support incident response activities from a privacy and regulatory perspective.

• Bachelor's or Master's degree in law (privacy/data protection), Information Technology, Cybersecurity, Computer Science, or Risk/Compliance
• Relevant certifications such as CIPP‑E, CIPM, CISSP, CISA, or CRISC are advantageous
• 5+ years of experience in a similar position
• Strong understanding of IT security, data privacy, and global regulatory environments
• Strong written and oral communication skills
• Analytical mindset, critical thinking, and attention to detail
• Experience with data‑mapping tools, encryption protocols, audit and logging systems, and Privacy‑by‑Design frameworks
• Experience with GDPR, NIS2 and equivalent global privacy regulations

Expected annual salary for this role will be $130,000 - $160,000, plus eligible for an…