Head of Governance, Risk, and Compliance (GRC)

United States (Remote)
Security / Full Time
The Company 
Serving the People Who Serve the People 

Granicus is driven by the excitement of building, implementing, and maintaining technology that is transforming the Govtech industry by bringing governments and their constituents together. We are on a mission to support our customers with meeting the needs of their communities and implementing our technology in ways that are equitable and inclusive. Granicus has consistently appeared on the GovTech 100 list over the past 5 years and has been recognized as one of the best companies to work for on BuiltIn.

Over the last 25 years, we have served 5,500 federal, state, and local government agencies, and more than 300 million citizen subscribers power an unmatched Subscriber Network that uses our digital solutions to make the world a better place. With comprehensive cloud-based solutions for communications, government website design, meeting and agenda management software, records management, and digital services, Granicus empowers stronger relationships between government and residents across the U.S., U.K., Australia, New Zealand, and Canada. By simplifying interactions with residents, while disseminating critical information, Granicus brings governments closer to the people they serve—driving meaningful change for communities around the globe.

Granicus is looking for a Head of Governance, Risk, and Compliance (GRC).  Granicus is the largest cloud solutions provider for government and provides technology that empowers government organizations to create better lives for the people they serve.
This role is a critical leadership position, reporting to the CISO, and responsible for enhancing and expanding Granicus’ GRC portfolio to improve the company’s overall security and compliance posture.  As a global company that serves the public sector, Granicus is subject to and maintains compliance with myriad regulatory obligations, standards, and frameworks, including FedRAMP, NIST 800-53, ISO 27001, CJIS, PCI, GDPR, Cyber Essentials, SOC2, and others.  The Head of GRC will lead all compliance efforts, working with all relevant partners (e.g., IT, Privacy, Legal) to ensure that all compliance obligations are understood, all relevant processes are fully established, and compliance is continuously tracked, measured, and reported on.  Additionally, this role will lead the continuing maturation of Granicus’ risk management efforts, consisting of internal Risk Management and external Third-Party Risk Management programs.
Candidates for this role must be collaborative in nature, acting as a true enabler of the business and partner to technology and other departmental leaders and teams, able to drive security outcomes through influence and partnership, and relentlessly focused on establishment of a security-first culture across the company.  Additionally, candidates must have a strong, cross-discipline technical, security, and compliance background, as well as an ability to seamlessly move from deep, detailed conversations to executive level briefings, distilling challenging compliance, risk, and technical constructs in a digestible manner.

What your impact will look like:

    • Lead all elements of the compliance program encompassing all regulations Granicus is subject to and attests to globally (e.g., policy and documentation, POA&M management, reporting), striving to keep Granicus compliant with ongoing obligations, particularly FedRAMP
    • Act as primary Granicus point of contact to all auditors and regulators, leading all audit activity across the enterprise (e.g., FedRAMP and ISO 27001 annual audits)
    • Lead, in partnership with CISO, the Risk Management program, including articulating cyber risks in a business context, their impacts, and recommending mitigation; lead all governance forums (e.g., Enterprise Risk Committee), and remediation activity governance and tracking.
    • Mature Third Party Risk Management program to encompass all relevant elements (e.g., initial assessments, continuous monitoring)
    • Maintain, mature, and create Information Security policies
    • Formalize and operationalize Information Security exception process and provide continuous governance
    • Support needs of customer-facing organizations as appropriate, which may include review of contractual elements pertaining to security, completing questionnaires, etc.
    • Stay current with emerging regulatory and compliance requirements and continuously assess their impact on Granicus; work with senior leaders to ensure that any impacts and the associated work to remain compliant are included in Product and Technology roadmaps.
    • Participate in or lead security efforts related to M&A, particularly post-acquisition activities to fully integrate acquired entity into all GRC processes.

You'll love this job if you have:

    • Bachelor's and/or Master's degree in Computer Science, Cyber Security, Information Technology, Risk Management, or related field
    • 5+ years of cross-discipline Information Security/Information Technology experience
    • 5+ years of leading a GRC function
    • Demonstrated expert level understanding and experience with NIST 800-53 and FedRAMP, including interaction with Joint Authorization Board and/or sponsoring Federal Agencies.
    • Broad knowledge of common standards, frameworks, and regulatory requirements.
    • Demonstrated experience with representing security controls to external auditors and/or customers.
    • Excellent executive presentation and communication skills.
    • Ability to lead through influence, including at executive levels.
$175,000 - $210,000 a year
+ bonus and benefits
Don’t have all the skills/experience mentioned above? At Granicus, we are trying to build diverse, inclusive teams. We do not have degree requirements for most of our roles. If you don’t meet every requirement above but are excited to learn more, we encourage you to apply. We might just be able to find another role that could be a perfect fit! 

The Team
- We are a remote-first company with a globally distributed workforce across the United States, Canada, United Kingdom, India, Armenia, Australia, and New Zealand.

The Culture
- At Granicus, we are building a transparent, inclusive, and safe space for everyone who wants to be a part of our journey.
- A few culture highlights include:
  - Employee Resource Groups to encourage diverse voices
  - Coffee with Mark sessions: our employees get to interact with our CEO on very important and sometimes difficult issues ranging from mental health to work-life balance and current affairs.
  - Microsoft Teams communities focused on wellness, art, furbabies, family, parenting, and more.
  - We bring in special guests from time to time to discuss issues that impact our employees.

The Impact
- We are proud to serve dynamic organizations around the globe that use our digital solutions to make the world a better place — quite literally. We have so many powerful success stories that illustrate how our solutions are impacting the world.

The Benefits 

At Granicus, we offer a competitive benefits package that allows employees to tailor benefits to their needs. Benefits listed below are for employees based in the U.S.

- Flexible Time Off
- Medical (includes an option that is paid 100% by Granicus!), Dental & Vision Insurance
- 401(k) plan with matching contribution
- Paid Parental Leave
- Employer-paid Short and Long Term Disability Insurance, Group Term Life Insurance and AD&D Insurance
- Group legal coverage 
- And more!

Granicus is committed to providing equal employment opportunities. All qualified applicants and employees will be considered for employment and advancement without regard to race, color, religion, creed, national origin, ancestry, sex, gender, gender identity, gender expression, physical or mental disability, age, genetic information, sexual or affectional orientation, marital status, status with regard to public assistance, familial status, military or veteran status or any other status protected by applicable law.