GRC and Data Privacy Manager
CFGI
full-time
Location Type: Hybrid
Location: United States
About the role
- Lead end-to-end GRC and privacy engagements, including scoping, planning, execution, and executive reporting.
- Design and operationalize cybersecurity governance models (policies, standards, risk appetite, committees, reporting KPIs/KRIs).
- Build and mature enterprise risk programs: risk assessments, risk registers, control libraries, and control testing approaches.
- Develop and implement security policies, standards, and procedures aligned to common frameworks (e.g., NIST CSF, ISO 27001/27002, CIS, SOC 2).
- Support regulatory readiness and compliance initiatives (e.g., SEC cyber disclosure support, NYDFS 500, GDPR/UK GDPR, CCPA/CPRA, HIPAA, PCI DSS, SOX ITGC alignment where applicable).
- Stand up or enhance privacy programs: data mapping/inventories, DPIAs/PIAs, DSAR processes, retention, consent management, third-party privacy risk, and privacy by design.
- Perform vendor/third-party risk assessments and implement scalable TPRM operating models.
- Coordinate cross-functional stakeholders (Legal, IT, Security, Compliance, Product, HR) to drive outcomes and adoption.
- Translate complex technical, regulatory, and privacy requirements into business-oriented recommendations.
- Deliver executive-ready artifacts: board/audit committee materials, roadmaps, operating models, heatmaps, and risk dashboards.
- Serve as a trusted advisor to senior leadership; confidently present findings and influence decisions.
- Contribute to go-to-market development: offerings, templates, accelerators, methodologies, and points of view.
- Support business development through proposal writing, SOW development, client presentations, and solution shaping.
- Mentor and develop consultants and managers; lead teams across multiple engagements while maintaining quality and delivery rigor.
- Partner with other CFGI service lines (Accounting Advisory, CFO Advisory, Technology Enablement) to deliver integrated solutions.
Requirements
- Five plus years of relevant experience in cybersecurity GRC, privacy, risk management, compliance, or consulting (level will map to experience).
- A Bachelor’s degree in a relevant field.
- Demonstrated expertise implementing and operationalizing cybersecurity frameworks and control programs: NIST CSF / NIST 800-53 (nice-to-have), ISO 27001/27002, SOC 2, CIS Controls.
- Strong privacy fundamentals and experience with privacy program build-out and operations: GDPR/UK GDPR, CCPA/CPRA; experience with HIPAA/GLBA or other sectoral privacy standards is a plus.
- Experience performing or leading: enterprise/security risk assessments, control design/testing, policy and standards development, TPRM programs, and compliance/regulatory readiness programs.
- Exceptional written and verbal communication skills with a track record of producing executive-level deliverables.
- Proven ability to lead teams, manage timelines/budgets, and deliver in a client-facing environment.
Benefits
- Competitive compensation
- Benefits
- Career growth trajectory
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
cybersecurity governance, risk management, NIST CSF, ISO 27001, ISO 27002, SOC 2, CIS Controls, data mapping, vendor risk assessments, TPRM operating models
Soft Skills
communication skills, leadership, team management, client-facing, mentoring, influencing decisions, cross-functional collaboration, executive reporting, problem-solving, presentation skills