GRC Manager

The Governance, Risk, and Compliance Manager is responsible for developing, implementing, and maintaining comprehensive governance, risk management, and compliance programs. This role will work closely with stakeholders and vendors to ensure alignment with industry regulations, best practices, and organizational objectives.

• Lead and manage Claire's Governance, Risk, and Compliance program
• Develop and maintain information security policies, standards, and procedures aligned with industry best practices and collaborate with stakeholders as needed
• Conduct and participate in risk assessments, working proactively with vendors and stakeholders to collect necessary data
• Collaborate with stakeholders to develop and implement risk mitigation strategies and manage compliance initiatives
• Identify and manage appropriate controls, policies, procedures, compliance metrics, monitoring, reinforcement, and enforcement activities
• Create and deliver GRC updates to senior leaders, including reports concerning compliance failures, breaches, or incidents
• Ensure security controls are operating effectively by maintaining control documentation, performing periodic reviews, and coordinating with responsible parties to maintain compliance
• Ensure the organization achieves a sufficient level of compliance with relevant information security and privacy-related obligations imposed by laws, regulations, standards, contracts, policies, etc.
• Conduct regular internal audits and reviews to ensure compliance procedures are followed
• Ensure employees are thoroughly updated about the organization's policies, regulations, and processes, developing and delivering programs to do so
• Maintain awareness of regulatory developments and industry trends
• Work with internal stakeholders to document and ensure best practices for BCDR and identity and access management

• BS in Information Systems preferred but appropriate experience is acceptable
• Excellent communication skills are needed with demonstrated ability to work with multiple organizational functions and levels
• Understand NIST framework and how it applies
• PCI assessment experience
• Excellent writing skills
• Certifications a plus; CISSP, CISA, or equivalent experience
• 5-7 years of experience in the risk assessment or auditing of complex IT systems
• 3-5 years of experience in Program Management, Governance, or Compliance Management
• High-level understanding of securing Hybrid Platforms
• Solid understanding of IT concepts and operations
• Knowledge of third-party auditing and cloud risk assessment
• Risk Assessment methodologies and best practices
• Risk Treatment and Remediation
• Experience working with and interacting with 3rd party auditors
• Working knowledge of Information Security best practices, audit frameworks, and possibly privacy laws (e.g., familiarity with ISO 27000 series, SANS, NIST, OWASP Top 10, COBIT, CIS Top 20, PCI, CCPA, etc.)
• Fundamental knowledge about GRC rules and regulations
• Bonus if you are familiar with conducting BIAs

Claire's is an equal opportunity employer committed to diversity, equity, and inclusion and encourages applications from members of all underrepresented groups, including those with disabilities. We will accommodate applicants' needs, upon request, throughout all stages of the recruitment process. Please inform us of the accommodation(s) that you may require.