GRC Manager - Technology Risk & Governance

Pinnacle Group exists to connect people with opportunity. For the last 25 years, we've done exactly that by living our core values of putting people first, delivering excellence in all we do, and giving back to the communities in which we live and work. We are a leading workforce solutions company supporting the talent needs of global leaders in financial services, technology, communications, utilities, and transportation and we are one of the largest women and minority-owned companies in our industry. Our team of service-driven, energetic, and diverse professionals is well-respected in our industry and our leadership team is aligned and focused on taking the company to the next level. If you're looking for a new opportunity where you can truly make a difference, we hope you'll apply for a position with us.

Job Summary

• Own and manage the third-party risk management program, including risk-based vendor assessments, onboarding reviews, and periodic evaluations throughout the vendor lifecycle.
• Partner with Information Security, Legal, Compliance, IT, and business stakeholders to identify, assess, document, and mitigate technology, cybersecurity, privacy, AI, and vendor-related risks.
• Review SOC 1 and SOC 2 reports, ISO 27001 certifications, penetration testing reports, business continuity plans, disaster recovery documentation, privacy materials, and related compliance evidence.
• Interface with third-party auditors, vendors, and internal stakeholders to gather documentation, respond to assessment requests, and support audit readiness.
• Support responses to technology-related third-party questionnaires, ensuring information is accurate, complete, consistent, and professionally documented.
• Maintain organized assessment records, risk documentation, compliance evidence, and supporting materials in accordance with internal policies and procedures.
• Prepare risk summaries, dashboards, reports, and governance materials for leadership and committee review.
• Maintain and support Pinnacle Group’s ISO 27001 certification and SOC 2 compliance in partnership with IT and other key stakeholders.
• Collaborate with cross-functional teams to create, maintain, and implement AI-related standards, procedures, and risk governance practices.
• Enhance and maintain Pinnacle Group’s business continuity plan in collaboration with appropriate business and technology stakeholders.

Qualifications

• Bachelor’s degree in Business Information Systems, Cybersecurity, Risk Management, Compliance, or a related field.
• Experience in technology risk, governance, compliance, information security, audit, third-party risk management, or a related discipline.
• Strong experience performing vendor risk assessments for SaaS platforms, cloud providers, managed service providers, software vendors, and AI-enabled products.
• Working knowledge of security and compliance frameworks such as ISO 27001, SOC standards, NIST, CIS Controls, and related governance practices.
• Experience interfacing with third-party auditors and responding to security, risk, compliance, or vendor assessment questionnaires.
• Ability to assess technology vendors, identify risk concerns, document findings, and communicate recommendations clearly to technical and non-technical stakeholders.
• Strong written and verbal communication skills with the ability to collaborate effectively across auditors, vendors, IT, Legal, Compliance, and business teams.
• Experience using Drata or similar governance, risk, and compliance platforms preferred.
• Working knowledge of AI-related risks, controls, governance standards, and emerging compliance considerations preferred.

Originally posted on Himalayas