Governance, Risk, and Compliance

At Ziply Fiber, our mission is to elevate the connected lives of our communities every day. We are delivering the fastest home internet in the Northwest, with a focus on areas traditionally underserved by mainstream internet companies. And as our state-of-the-art fiber network expands in WA, OR, ID and MT, so does our need for team members who can help us grow and realize our goals.

We may be building internet, but we are reaching real people. We strive to build relationships and provide customers and communities with refreshingly great experiences.

We emphasize our values in all our interactions:

Genuinely Caring:
Our customers and colleagues are people, and quite possibly our neighbors. We put ourselves in their shoes and give them our full attention.

Empowering You:
We empower our customers to choose the products that best meet their needs, and we support our employees to implement solutions that elevate the experiences of our customers and coworkers.

Innovation and Improvement:
We always look for ways to make the experiences of our customers – and each other – better.

Earning Your Trust:
We earn trust by communicating simply and transparently as real people, not as a corporation.

Job Summary

The Governance, Risk, and Compliance (GRC) Manager will be responsible for overseeing all aspects of Ziply Fiber's governance, risk, and compliance framework. They will ensure that all policies and procedures are aligned with industry regulations and best practices and provide guidance on potential risks and compliance issues. The GRC Manager serves as the central subject matter expert of Ziply's risk, compliance, audit, and policy lifecycle programs and works closely with senior leadership to develop strategies for mitigating risks and enhancing overall governance practices. This role is critical for maintaining a proactive compliance posture aligned with regulatory frameworks such as NIST , FCC LOA, and PCI-DSS. regulators.

Essential Duties and Responsibilities:

The Essential Duties and Responsibilities listed below are a range of duties performed by the employee and not intended to reflect all duties performed.

• Lead and manage the GRC team, ensuring clear direction, motivation, and support.

• Recruit, train, and retain skilled professionals in governance, risk, and compliance.

• Set performance objectives, conduct regular evaluations, and provide constructive feedback.

• Leads initiatives that support vendor risk oversight, internal policy enforcement, legal hold coordination, and audit readiness.

• Drives operationalization of Ziply's compliance commitments and serves as the key liaison to auditors and regulators.

• Own and lead the full lifecycle of policy development, executive approval, publication, and cross-functional enforcement across business units.

• Drive alignment with critical frameworks (NIST , PCI-DSS) and maintain compliance with all applicable state and federal regulations.

• Heads the audit process, leads internal and external audit readiness and response efforts, overseeing control testing, evidence collection, remediation, and closeout reporting.

• Manage and maintain the enterprise risk register; drive mitigation planning, track issue resolution, and escalate emerging threats to senior leadership.

• Oversee third-party risk management, including vendor assessments, compliance attestations, contractual risk reviews, and annual reassessments.

• Serve as GRC lead for M&A activities—conducting due diligence, identifying control gaps in acquired entities, and ensuring compliance integration post-close.

• Own the business continuity and disaster recovery (BC/DR) governance program; oversee planning, documentation, testing, and incident response readiness across business units.

• Coordinate legal hold and regulatory inquiry response efforts, ensuring proper documentation handling and defensibility of enterprise actions.

• Produce and deliver executive-level reports on risk trends, control maturity, audit findings, and overall compliance posture.

• Lead stakeholder collaboration initiatives to drive policy adherence and embed compliance into day-to-day operations.

• Establishes company compliance program policies and processes and creates awareness and training programs tailored to business function and risk profile.

• Reviews company marketing materials to ensure they remain in compliance.

• Lead a team of GRC analysts; oversee their risk assessments, remediation plans, documentation efforts, and audit support.

• Partner cross-functionally with Legal, Security, IT, and Operations to enforce unified and consistent governance and compliance practices.

• Own and drive continuous improvement of compliance maturity, business continuity readiness, and risk visibility across the organization.

• Manage and maintain GRC platforms or compliance tracking systems.

• Performs other duties as required to support the business and evolving organization.

Qualifications:

• Bachelor of Science in Computer Science, Information Technology, Risk Management, Legal Studies, Business, or a related field required.

• Industry certification required (e.g., CISA, CRISC, CISSP, or equivalent).

• Minimum of five (5) years' experience in GRC, audit, risk management, or compliance leadership roles required.

• Strong understanding of risk frameworks (e.g., NIST CSF, NIST , ISO 27001, SOC 2).

• Direct experience managing regulatory requirements such as PCI-DSS, DFARS, and HIPAA.

• Demonstrated ability to manage cross-functional projects and compliance initiatives.

• Excellent communication and documentation skills, including presenting to executives and auditors.

• Experience managing and maintaining GRC platforms or compliance tracking systems.

• Familiarity with legal hold, third-party risk, and incident response documentation processes.

• Experience with business continuity and incident response procedures aligned with Federal and State laws and regulations.

Knowledge, Skills, and Abilities:

• Ability to lead with strategic vision while executing day-to-day operational details.

• Excellent organizational and time management skills with the ability to manage multiple priorities.

• Strong critical thinking, negotiation, and interpersonal skills.

• High integrity and ability to handle confidential or sensitive information appropriately.

Work Authorization

Applicants must be currently authorized to work in the US for any employer. Sponsorship is not available for this position.

Physical Requirements

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Essential and marginal functions may require maintaining physical condition necessary for bending, stooping, sitting, walking, or standing for prolonged periods of time; most of time is spent sitting in a comfortable position with frequent opportunity to move about. The employee must occasionally lift and/or move up to 25 pounds. Specific vision abilities required by the job include close vision, distance vision, color vision, peripheral vision, depth perception, and the ability to adjust focus.

Work Environment

Work is performed in an office setting with exposure to computer screens and requires extensive use of a computer, keyboard, mouse, and multi-line telephone system. The work is primarily a modern office setting.

At all times, Ziply Fiber must be your primary employer. Unless otherwise prohibited by law, employees may not hold outside employment nor be self-employed without obtaining approval in writing from Ziply Fiber. In holding outside employment or self-employment, employees should ensure that participation does not conflict with responsibilities to Ziply Fiber or its business interests.

Diverse Workforce / EEO

Ziply Fiber is an equal opportunity employer. Ziply Fiber will consider all qualified candidates regardless of race, color, religion, national origin, gender, age, marital status, sexual orientation, veteran status, and the presence of a non-job-related handicap or disability or any other legally protected status.

Ziply Fiber requires a pre-employment background check as conditions of employment. Ziply Fiber may require a pre-employment drug screening.

Ziply Fiber is a drug free workplace.