Governance Risk and Compliance Lead

A leading fitness franchise dedicated to providing a welcoming and judgment-free environment for individuals of all fitness levels is looking for you!

This gym chain offers affordable memberships, state-of-the-art equipment, and a variety of amenities designed to make exercise accessible and enjoyable. With a focus on inclusivity, it caters to beginners and casual gym-goers, promoting a non-intimidating atmosphere where everyone can work toward their personal health and wellness goals.

Job

Governance, Risk, and Compliance (GRC) Lead

The GRC Lead is a key strategic role responsible for supporting and expanding the company’s governance, risk, and compliance programs. This position works closely with the Senior Director of Information Security, collaborating with IT teams, business units, and external partners to ensure regulatory compliance, effective risk management, and strong governance practices. The role requires expertise in industry regulations, compliance standards, and risk assessment methodologies to help safeguard company assets and maintain adherence to security frameworks.

Key Responsibilities

• Work closely with the Senior Director of Information Security on various GRC initiatives.
• Lead the development and management of the company’s GDPR compliance program.
• Stay updated on relevant regulations such as GDPR, CCPA, CPRA, PCI, and SOX to ensure company compliance.
• Conduct compliance audits and assessments to evaluate adherence to regulatory standards.
• Ensure policies, procedures, and controls align with established governance frameworks.
• Perform risk assessments across different business units to identify vulnerabilities and threats.
• Develop risk mitigation strategies and work with teams to implement security controls.
• Monitor governance processes to promote transparency and accountability.
• Help maintain compliance with the NIST 800-171 security framework.
• Prepare reports and presentations on GRC activities, findings, and recommendations for stakeholders.
• Maintain documentation of compliance audits, risk assessments, and governance procedures.
• Participate in incident response efforts to address security breaches or compliance issues.
• Develop training programs and conduct sessions on risk management and compliance best practices.
• Foster a culture of compliance and security awareness throughout the company.
  
  

Required Qualifications

• Bachelor’s degree in Computer Science, Information Systems, or a related field.
• At least 5 years of experience in information security and IT compliance, specifically in GDPR, CCPA, CPRA, PCI, and SOX.
• Proven experience in a GRC role, with a strong understanding of compliance frameworks, risk assessments, and regulatory requirements.
• Preferred certifications: CISA, CISM, or CRISC.
• Strong background in developing and managing GDPR compliance programs.
• Experience in risk management for retail, payment, or e-commerce environments.
• Knowledge of security frameworks such as NIST and ISO 27001.
• Familiarity with GRC platforms like Archer Insight and AuditBoard.
• Strong analytical skills to interpret complex regulatory requirements.
• Detail-oriented with excellent organizational and project management skills.
• Strong communication and presentation skills to effectively convey complex concepts to both technical and non-technical audiences.
• Ability to build strong relationships and collaborate with teams across the organization.
• Strategic thinker with the ability to balance risk management with business goals.
• Adaptable and comfortable working in a fast-paced, dynamic environment.
• Positive attitude, team player, and proactive approach to problem-solving.
• Availability to provide on-call support as needed
  
  

Posted By: McKenzie Skamarycz