GRC Manager (Governance, Risk, and Compliance)
Need Statement

As Aegis Mobile continues to grow and engage with enterprise partners, we are formalizing and expanding our governance, risk, and compliance capabilities. This role represents a key step in maturing our compliance program to support ongoing certification efforts, evolving regulatory expectations, and long-term scalability.

The GRC Manager will establish and operate the systems and processes required to ensure consistent control execution, effective risk management, and sustained audit readiness across the organization.

Job Summary

The GRC Manager is responsible for the day-to-day operation of Aegis Mobile’s governance, risk, and compliance program. This role owns the core components of the program, including the risk register, control library, and evidence management processes, ensuring controls are implemented, maintained, and verifiable across the organization.

Working cross-functionally, the GRC Manager drives coordination between technical and business teams to support compliance activities, enforce control ownership, and maintain audit readiness. This role also serves as the primary interface for external auditors and compliance partners, ensuring that audits and assessments are executed efficiently and without disruption to the business.

Responsibilities

- Own and operate the GRC program, including governance processes and workflows
- Own the risk register, including risk identification, assessment, and tracking
- Own and manage the control library, including control definitions and mappings
- Own evidence collection for audits and ongoing compliance
- Lead preparation for and coordination of certification audits
- Serve as primary liaison for external auditors and compliance partners
- Maintain and evolve management systems (e.g., ISMS, QMS)
- Identify control gaps and drive remediation efforts with system and process owners
- Report on compliance posture, risk status, and audit readiness to leadership

Expectations

- Operates with an ownership mindset, driving work to completion
- Maintains continuous audit readiness, not point-in-time preparation
- Drives cross-team coordination, ensuring timely execution of control and compliance activities
- Applies practical judgment, balancing compliance rigor with operational efficiency
- Communicates clearly across technical and non-technical stakeholders
- Builds scalable, repeatable processes appropriate for a growing organization

Knowledge and Skill Requirements

- Hands-on experience supporting at least one certification cycle (ISO 27001 preferred)
- Direct involvement in formal audits or assessments (e.g., Stage 1 / Stage 2)
- Experience implementing and operating controls within a management system (e.g., ISMS, QMS)
- Strong understanding of:
  - Risk management frameworks
  - Control design and evaluation
  - Audit and evidence requirements
- Experience working with external auditors and/or compliance consultants
- Familiarity with multi-framework environments and control mapping concepts

Technical Fluency (Strongly Preferred)

- Ability to understand and validate controls within cloud-based environments (Azure preferred)
- Familiarity with identity and access management concepts
- Understanding of logging, monitoring, and backup controls and how they support audit requirements
- Ability to engage with engineering teams on application and infrastructure architecture at a conceptual level

Additional Desirable Knowledge and Skills

- Familiarity with:
  - ISO 27701 (privacy)
  - ISO 9001 (quality)
  - ISO 22301 (business continuity)
- Experience in SaaS or cloud-based environments
- Experience in organizations with maturing processes
- Exposure to GRC or compliance management platforms

Qualifications

- 4–8+ years of experience in GRC, compliance, or information security
- Demonstrated participation in at least one successful certification audit
- Bachelor’s degree in a relevant field (or equivalent experience)
- Relevant certifications are a plus but not required
- Willingness to attend in-person meetings at an Aegis office location as needed