Title: Director, GRC
Jeddah, Makkah, Saudi Arabia
1. JOB PURPOSE
Responsible for leading and managing the organization's Governance, Risk & Compliance (GRC) programs. This includes developing and implementing policies, procedures, and controls to ensure compliance with regulatory requirements, overseeing risks, and promoting a culture of ethical behavior and accountability.
2. RESPONSIBILITIES
Governance
Develop and oversee governance frameworks, policies, and procedures. Ensure alignment of governance initiatives with the organization's strategic objectives. Promote a culture of accountability, transparency, and ethical behavior across the organization.
Risk Management
Oversee the management of risks that could impact the organization's objectives. Develop and implement risk management strategies, including risk mitigation plans. Maintain a comprehensive risk register to identify, assess, and monitor key risks across the organization. Monitor and report on risk exposures, trends, and the effectiveness of risk management activities.
Compliance
Ensure compliance with all relevant laws, regulations, and industry standards. Develop, implement, and maintain compliance programs, including policies and procedures. Conduct regular compliance audits and assessments to identify and address potential issues. Collaborate with departments such as HR, Legal, and Finance to support their compliance responsibilities and ensure a coordinated, organization-wide approach to regulatory adherence.
Security Incident Response and Operations
Lead the Security Incident Response Team (SIRT) to analyze and resolve security incidents, while managing and increasing the effectiveness and efficiency of the Security Operations Center (SOC).
Management Delegation of Authority (DoA)
Review and update the Management Delegation of Authority (DoA) to ensure clarity and consistency with organizational needs. Support and collaborate with the Board Affairs function in reviewing and maintaining the Board-level DoA.
Cyber Security
Define the business impact of cyber security incidents, and identify and drive recommendations for change to prevent similar incidents.
Direction and Development
Oversee, mentor, and develop a high-performing team, setting clear expectations and providing guidance and support to ensure team success. This includes fostering a culture of accountability, collaboration, and continuous improvement.
Risk Management Mitigation Plans
Develop and oversee the road map for risk management. Coordinate investigations of compliance breaches, risk incidents, and other GRC-related issues. Implement corrective actions and monitor their effectiveness.
GRC Reporting
Prepare and present regular reports on GRC activities, including risk assessments, compliance audits, and incident reports. Provide updates to senior management and the Board of Directors on GRC performance and initiatives.
Stakeholder Engagement
Manage stakeholders up to and including top management level: identify their needs, issues, and concerns, and respond by leading and coordinating the development of stakeholder engagement plans that support the communication of business information and decisions.
Information and Business Advice
Provide authoritative specialist advice to the leadership team to guide the implementation of policy and the design and implementation of projects and change initiatives.
Capability Building
Identify the capabilities needed to meet the current and emerging business needs of a significant business area. Evaluate current capabilities, identify gaps, and prioritize development activities. Motivate others to develop their capabilities and fulfill their personal potential. Build capabilities elsewhere in the organization through mentoring and other informal methods.