GRC Manager; Governance, Risk, and Compliance

Job Summary

As Aegis Mobile continues to grow and engage with enterprise partners, we are formalizing and expanding our governance, risk, and compliance capabilities. This role represents a key step in maturing our compliance program to support ongoing certification efforts, evolving regulatory expectations, and long-term scalability.

The GRC Manager will establish and operate the systems and processes required to ensure consistent control execution, effective risk management, and sustained audit readiness across the organization.

The GRC Manager is responsible for the day-to-day operation of Aegis Mobile’s governance, risk, and compliance program. This role owns the core components of the program, including the risk register, control library, and evidence management processes, ensuring controls are implemented, maintained, and verifiable across the organization.

Working cross-functionally, the GRC Manager drives coordination between technical and business teams to support compliance activities, enforce control ownership, and maintain audit readiness. This role also serves as the primary interface for external auditors and compliance partners, ensuring that audits and assessments are executed efficiently and without disruption to the business.

• Own and operate the GRC program, including governance processes and workflows
• Own the risk register, including risk identification, assessment, and tracking
• Own and manage the control library, including control definitions and mappings
• Own evidence collection for audits and ongoing compliance
• Lead preparation for and coordination of certification audits
• Serve as primary liaison for external auditors and compliance partners
• Maintain and evolve management systems (e.g., ISMS, QMS)
• Identify control gaps and drive remediation efforts with system and process owners
• Report on compliance posture, risk status, and audit readiness to leadership

• Operates with an ownership mindset, driving work to completion
• Maintains continuous audit readiness, not point-in-time preparation
• Drives cross-team coordination, ensuring timely execution of control and compliance activities
• Applies practical judgment, balancing compliance rigor with operational efficiency
• Communicates clearly across technical and non-technical stakeholders
• Builds scalable, repeatable processes appropriate for a growing organization

• Hands-on experience supporting at least one certification cycle (ISO 27001 preferred)
• Direct involvement in formal audits or assessments (e.g., Stage 1 / Stage
  2)
• Experience implementing and operating controls within a management system (e.g., ISMS, QMS)
• Strong understanding of:
• Risk management frameworks
• Control design and evaluation
• Audit and evidence requirements
• Experience working with external auditors and/or compliance consultants
• Familiarity with multi-framework environments and control mapping concepts

• Ability to understand and validate controls within cloud-based environments (Azure preferred)
• Familiarity with identity and access management concepts
• Understanding of logging, monitoring, and backup controls and how they support audit requirements
• Ability to engage with engineering teams on application and infrastructure architecture at a conceptual level

• Familiarity with ISO
  27701 (privacy)
• Familiarity with ISO 9001 (quality)
• Familiarity with ISO 22301 (business continuity)
• Experience in SaaS or cloud-based environments
• Experience in organizations with maturing processes
• Exposure to GRC or compliance management platforms

• 4–8+ years of experience in GRC, compliance, or information security
• Demonstrated participation in at least one successful certification audit
• Bachelor’s degree in a relevant field (or equivalent experience)
• Relevant certifications are a plus but not required
• Willingness to attend in-person meetings at an Aegis office location as needed