Information Services Governance, Risk & Compliance Security Manager

The GRC Manager will be responsible for ensuring the companys security posture meets industry best practices and regulatory standards. This includes managing security documentation and policies overseeing remediation activities managing the TPRM program and conducting vendor assessments. The GRC Manager will be responsible for developing and implementing security awareness training programs.

• Serve as the primary contact for TPRM security assessments and client security questionnaires facilitating thorough and efficient audits.
• Manage and maintain security documentation and policies ensuring clear communication and access for clients and third parties.
• Oversee customer remediation activities including tracking and addressing security requirements and requests from clients.

• Develop and update securityrelated policies to ensure adherence to regulatory standards and industrys best practices.
• Implement and oversee security awareness training programs for new hires and annual recertifications maintaining and updating training materials.
• Manage the security risk register in alignment with compliance requirements overseeing remediation initiatives and timelines.
• Collaborate closely with the Legal and Privacy teams to address regulatory and contractual security requirements including review of security terms.

• Conduct comprehensive vendor assessments for new partnerships including annual reviews of highrisk vendors and evaluations for vendor terminations.
• Perform security audits of highrisk vendors to confirm adherence to vendor security policies and standards.

• Manage the PCI SelfAssessment Questionnaire (SAQ) process to determine the appropriate attestation level on an annual basis.
• Identify and recommend security certifications (e.g. SOC 2 ISO 27001) that align with business requirements and oversee the certification process.

• Bachelors degree in information security Risk Management Business Administration or a related field. A masters degree is preferred.

• 5 years in governance risk management compliance or a related field with a focus on client security assurance and vendor risk management.
• Strong understanding of security frameworks and regulatory standards including PCI ISO 27001 and SOC2 Type 2.
• Proven expertise in creating and implementing security policies and compliance training programs.
• Relevant certifications (e.g. CRISC CISM CISA) are highly desirable.
• Strong analytical problemsolving and project management skills with keen attention to detail.
• Excellent communication and interpersonal abilities with experience working crossfunctionally across departments.

Worldpac is committed to providing reasonable accommodations to qualified individuals with disabilities. If you require accommodations to perform the essential functions of the job please contact for assistance.

Worldpac is an Equal Opportunity Employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. All qualified applicants will receive consideration for employment without regard to race color religion gender sexual orientation gender identity or expression national origin disability or veteran status.

Worldpac offers a comprehensive benefits package designed to support the health financial wellbeing and worklife balance of its employees. Key benefits include:

Health and Wellness:

• Medical dental and vision insurance plans to cater to various healthcare needs.
• Health Savings Accounts (HSAs) with company contributions for eligible plans.
• Flexible Spending Accounts (FSAs) for medical and dependent care expenses.
• Employee Assistance Programs (EAP) offering confidential counseling and support services.

Financial Benefits:

• 401(k) retirement plan with company match to assist in future financial planning.
• Life and Accidental Death & Dismemberment (AD&D) insurance for financial security.
• Shortterm and longterm disability insurance to protect income during unforeseen circumstances.

Additional Perks:

• Paid time off including vacation days and holidays to encourage rest and personal time.
• Employee discounts on products and services.