Take your career to the next level! In the last few years our goal has been expansion, creating growth opportunities for many of our team members. Not only are we serious about growth, but we are also serious about helping our customers during hard financial times.
We take pride in providing solutions and offering a helping hand, not only to our customers but also to the communities we serve. As we continue to expand and grow into a national leader in consumer financing, we invite you to consider joining our team.
If you're passionate about making a meaningful impact in people's lives and bringing a personal touch to finance, we'd love to have you on board!
Job Purpose
The GRC Program Manager is responsible for leading the organization's technology governance, risk, and compliance initiatives, with a particular focus on IT General Controls (ITGCs) and SOC 2 readiness and reporting. This role provides strategic oversight of risk management processes, ensures the effectiveness of IT controls, and manages compliance activities across the enterprise. The GRC Program Manager will collaborate with IT, Security, Finance, Legal, and internal/external auditors to safeguard the organization's technology environment and ensure adherence to regulatory, contractual, and industry standards. This role directly supports strategic banking and business partnerships by ensuring SOC 2 compliance, influences cyber insurance underwriting outcomes, and provides board-level visibility into enterprise risk posture. The position is a critical enabler of revenue growth, regulatory resilience, and corporate reputation.
Duties and Responsibilities
Governance & Oversight
• Develop, maintain, and enforce IT governance frameworks, policies, and standards.
• Provide oversight and direction for the design, implementation, and maintenance of ITGCs.
• Ensure governance processes align with business objectives and best practices (e.g., NIST CSF, COBIT, ITIL).
• Lead cross-functional governance councils and serve as a strategic advisor to executive leadership and the board on technology risk posture.
Risk Management
• Lead technology risk assessments and maintain the enterprise IT risk register.
• Provide oversight of third-party/vendor risk management processes.
• Partner with business and IT leaders to monitor, assess, and mitigate technology-related risks.
• Integrate risk insights into enterprise decision-making, including M&A due diligence, strategic partnerships, and vendor negotiations.
Compliance & SOC 2 Oversight
• Manage the organization's SOC 2 readiness, assessment, and reporting processes.
• Collaborate with auditors and internal teams to coordinate SOC 2 evidence collection, remediation, and ongoing control effectiveness.
• Oversee ITGC testing activities to ensure compliance with SOX and SOC 2 requirements.
• Support other regulatory and certification efforts (e.g., SOX, HIPAA, GLBA, GDPR, CCPA).
• Anticipate and prepare for emerging regulations such as SEC Cybersecurity rules and AI governance frameworks.
Audit & Assurance
• Serve as the primary liaison with internal and external auditors on ITGCs and SOC 2 audits.
• Oversee the execution of control testing, documentation, and remediation plans.
• Track audit findings, manage remediation plans, and report progress to senior leadership.
• Deliver consolidated enterprise compliance dashboards and board-ready reports that influence executive decision-making.
Metrics & Reporting
• Develop and present regular reporting on GRC program performance, audit outcomes, and risk posture.
• Define and monitor key risk indicators (KRIs) and key performance indicators (KPIs) to measure effectiveness of governance and compliance activities.
• Present risk and compliance insights to enterprise leadership.
Leadership & Collaboration
• As company growth demands, lead and mentor a team of GRC analysts and specialists.
• Foster cross-functional collaboration between IT, InfoSec, Finance, Legal, and Operations.
• Promote a culture of accountability, transparency, and risk awareness across the organization.
• Responsible for building and scaling the enterprise GRC function, including direct reports and dotted-line GRC responsibilities across departments.
Technology
• Own enterprise GRC platforms and implement automation and AI-enabled monitoring to enhance efficiency and assurance.
Minimum Qualifications
Education & Experience
• Bachelor's degree in Risk Management, Information Security, Information Technology, or related field.
• 6+ years of experience in governance, risk, and compliance, including at least 2 years in a leadership role.
• Hands-on experience managing ITGC programs and SOC 2 assessments.
• Strong background in IT risk management and regulatory compliance frameworks.
Preferred Qualifications
Education & Experience
• Master's degree in Risk Management, Information Security, Information Technology, or related field.
Preferred Certifications
• Certified Information Systems Auditor (CISA)
• Certified in Risk and Information Systems Control (CRISC)
• Certified in Governance, Risk and Compliance (CGRC)
• Certified Information Security Manager (CISM)
• Certified Information Systems Security Professional (CISSP)
• Advanced business or executive credentials such as MBA, LLM, or ISO 31000/ERM certifications.
Critical Competencies
Skills & Competencies
• Deep knowledge of ITGCs, SOC 2 Trust Services Criteria, and control frameworks (NIST CSF, COBIT, ITIL).
• Familiarity with regulations such as SOX, HIPAA, GLBA, CCPA.
• Strong ability to design, test, and improve IT controls.
• Excellent project management, organizational, and leadership skills; extremely organized and detail-oriented.
• Strong communication and presentation skills, with the ability to interface with executive leadership and auditors.
• Demonstrated written and oral communication skills and the ability to present to audiences at various levels.
• Ability to manage multiple engagements and competing priorities in a rapidly growing, fast-paced, collaborative environment.
• Ability to work well under pressure and manage tight deadlines.
• Ability to work both collaboratively and independently.
• Ability to influence without direct authority.
Working Conditions
Remote work is permitted for Manager positions and below. Additionally, Regional has offices in Greenville, SC and Plano, TX available for in person work if desired. Some travel will be required (less than 10%).
• This is a salaried position with a range of $129,000 to $157,000, based on experience.
If you are a job applicant who resides in the state of California, please review our California Employee Privacy Policy at the following link: https://regionalfinance.com/wp-content/uploads/2022/11/UPDATED-Employee-Privacy-Policy-11.2022.pdf
Regional is an equal opportunity employer and does not discriminate on the basis of race, color, religion, creed, national origin, sex (including pregnancy, childbirth, and related medical conditions), sexual orientation, gender identity, transgender status, age, disability, genetic information, veteran status, uniform service, or any other characteristic protected by applicable law ("Protected Characteristics"). Regional's policy of non-discrimination applies to all phases of the employment process and relationship, including, but not limited to, recruitment and selection; compensation and benefits; professional development and training; promotions and opportunities; transfers; social and recreational programs; layoff; and terminations.