Governance, Risk and Compliance Manager
Listed on 2026-07-18
-
IT/Tech
Cybersecurity, Information Security
Overview
PSRS/PEERS is seeking an experienced, strategic, and forward‑thinking Governance, Risk, and Compliance Manager to join our Information Security Team. In this vital leadership role, you will oversee and advance the organization’s governance, risk, and compliance program, ensuring that cybersecurity policies, control frameworks, vendor diligence processes, audit activities, and documentation standards consistently support secure and risk‑informed operations. Working under the general direction of the Chief Information Security Officer (CISO), you will contribute directly to PSRS/PEERS’ ability to deliver secure, reliable, and compliant services to Missouri’s public educators.
YourRole at a Glance
As the GRC Manager, you will build and lead the GRC function, with the opportunity to grow and supervise a team of analysts as the program matures. You will guide policy development and maintenance, oversee the risk evaluation framework that shapes enterprise decision‑making, ensure comprehensive audit readiness, coordinate vendor due diligence processes, and maintain mappings to cybersecurity frameworks selected by the CISO, such as NIST CSF or CIS Controls.
Your work will support predictable audit outcomes, enforce disciplined documentation practices, and strengthen PSRS/PEERS’ overall security posture through thoughtful governance and consistent standards.
You will provide leadership and structure to PSRS/PEERS’ GRC functions, oversee day‑to‑day operations, manage cybersecurity policy lifecycle, maintain incident response documentation, update playbooks, and coordinate tabletop exercises. You will uphold strict documentation standards for SOPs, runbooks, and other operational materials, apply the enterprise risk evaluation framework consistently across vendor reviews and technology decisions, and act as the owner of audit readiness, coordinating evidence packets, reviews, and findings.
You will also oversee third‑party and vendor risk processes, maintain alignment with CISO‑selected frameworks, monitor organizational adherence to policies, develop security reporting, and support Legal and IT in data governance, eDiscovery, and preservation coordination.
• Own the cybersecurity policy and standards lifecycle by maintaining policies, evaluating exceptions, managing expirations, and ensuring compensating controls are documented.
• Maintain completeness and accuracy of incident response documentation, update playbooks, and coordinate tabletop exercises with follow‑up on action items.
• Ensure SOPs, runbooks, and operational materials adhere to required versioning, evidence, and repository guidelines.
• Apply the enterprise risk evaluation framework consistently across vendor reviews, technology decisions, exception approvals, and go/no‑go determinations, resolving escalations that exceed the organization’s risk appetite.
• Establish and enforce documentation standards for audit readiness, coordinate audits and examinations, and manage findings through completion.
• Oversee third‑party and vendor risk processes by coordinating intake and due diligence activities, prioritizing high‑risk vendors, evaluating gaps, and tracking remediation to resolution.
• Maintain alignment with CISO‑selected cybersecurity frameworks by documenting control mappings, assessing sufficiency, maintaining the control catalog, and managing the compliance calendar.
• Monitor organizational adherence to policies, maintain issue and exception registers, develop security reporting for leadership, and support Legal and IT in data governance, eDiscovery preparation, and preservation coordination.
• Cultivate a strong culture of governance, accountability, and continuous improvement, guiding staff development and contributing to long‑term GRC program planning and budgeting.
• Bachelor’s degree or equivalent experience, with a preferred concentration in business, accounting, audit, information systems, public policy, cybersecurity, or related fields.
• Minimum of 8 years of experience in governance, risk, and compliance, audit or compliance functions, cybersecurity risk, or closely related…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).