GRC Manager

Symmetrio is seeking a GRC Manager to support a large enterprise organization. In this hands-on leadership role, you’ll be responsible for developing and implementing a governance, risk, and compliance (GRC) framework across policy, audit, and risk management functions.

The ideal candidate will bring structure to complexity; translating regulatory requirements into actionable processes that enhance visibility, accountability, and cybersecurity readiness. This position requires a strong mix of strategic vision and operational execution, with an emphasis on workflow design, risk modeling, and policy alignment.

This is a hybrid position requiring on-site presence in Philadelphia two to three days per week. The salary range for this role is $105,000 to $140,000, based on experience.

Responsibilities

• Lead the design, development, and rollout of an enterprise-wide GRC solution, aligning program objectives with policy, audit, and risk requirements.

Develop and implement integrated workflows for:

• Policy Management: Oversee document lifecycle, approval processes, and retention schedules.
• Audit & Compliance: Establish control assignment models, streamline evidence collection, automate testing, and manage exception handling.
• Risk Management: Build risk-to-control mappings, establish prioritization frameworks, and track Plans of Action and Milestones (POAMs).

• Develop and refine vendor risk scoring models to enhance third-party oversight and accountability.
• Create and standardize templates, forms, and dashboards for system inventories, POAMs, and compliance documentation.
• Lead the development and maintenance of a Security Minimum Baseline, ensuring regulatory alignment and cybersecurity readiness.
• Review and cross-map security policies against frameworks such as HIPAA, CJIS, IRS Pub 1075, and PCI-DSS.
• Collaborate with IT, audit, and information security teams to integrate GRC workflows with existing enterprise platforms (e.g., ServiceNow, Archer, or similar).
• Analyze audit findings, identify control gaps, and drive corrective actions that strengthen compliance posture and operational resilience.

• 5+ years of experience in governance, risk, and compliance, IT audit, or cybersecurity program management.
• Proven success implementing or managing enterprise-level GRC frameworks or platforms.
• Strong understanding of NIST, ISO 27001, FISMA, and FedRAMP standards and control structures.
• Skilled in policy development, control documentation, and regulatory interpretation.
• Excellent communication and collaboration abilities with cross-functional teams.

Preferred

• Experience with ServiceNow GRC, RSA Archer, or similar tools.
• Background supporting regulated enterprise or public sector environments.
• Certifications such as CISSP, CRISC, CISA, or CGEIT.
• Familiarity with risk quantification models and compliance automation.

• Health Care Plan (Medical, Dental & Vision)
• 401k Retirement Plan (4% match)
• Paid Time Off (Vacation, Sick & Public Holidays)