Governance Risk & Compliance Manager

The position will prioritize the risk management third party risk management policy management policy exceptions and issue management responsibilities listed below while still supporting all GRC areas based on resource needs.

Risk Management:

• Serve as the primary subject matter expert for technology and cyber risks and advise stakeholders on effective risk identification analysis documentation and treatment
• Lead enterprise technology risk assessments including annual and ongoing risk evaluation activities Maintain and improve the enterprise risk register including trend analysis aggregation remediation monitoring and reporting for leadership
• Partner with technology teams to define appropriate risk responses and ensure adherence to the risk management process
• Evaluate the effectiveness of existing risk controls and recommend enhancements
• Support other risk related activities as needed Third Party Risk Management:
• Lead the assessment of risks related to vendors contractors service providers and other external partners
• Evaluate third party security documentation including SOC reports and other independent validation reports
• Coordinate follow up with vendors and internal stakeholders on identified third party risks and required remediation
• Maintain third party risk records and provide reporting to technology and business leadership
• Support the integration of third-party risk management activities into procurement and contract processes

Policy Management:

• Oversee the development approval publication and ongoing review of technology policies standards and procedures
• Ensure policy content aligns with risk management outcomes regulatory requirements and applicable control frameworks such as NIST CSF
• Partner with process owners and technology leaders to ensure policy expectations are understood and implemented
• Develop and maintain policy governance metrics and reporting

Policy Exceptions:

• Lead the formal policy exception program including intake evaluation and decision support
• Review exception requests for risk impact and recommend appropriate time bound conditions compensating controls or mitigation actions
• Maintain accurate documentation of exception approvals expirations and follow up requirements
• Provide reporting on exception trends for leadership review

Issue Management:

• Maintain a centralized inventory of issues identified through audits assessments risk reviews and compliance activities
• Partner with process owners to define corrective action plans that address root causes and prevent recurrence
• Validate remediation evidence to ensure closure activities meet requirements
• Monitor remediation timelines and escalate delays when necessary
• Provide reporting on issue trends and progress for leadership Information

Security Governance:

• Participate in the creation and review of technology related governance documents and support alignment with best practice frameworks
• Provide guidance during procurement project planning and product review processes to ensure compliance with internal policies and regulatory expectations
• Support development and assessment of GRC metrics
• Support the information security awareness program including targeted training and required annual content
• Assist with governance related activities as needed

Compliance:

• Support proactive readiness with process and control owners in advance of technology audits and regulatory assessments
• Facilitate audit and assessment requests including evidence collection and coordination with internal and external teams
• Evaluate the adequacy of control design and operation relative to regulatory obligations and internal standards
• Assist in the completion and documentation of compliance reviews
• Support other technology compliance duties as needed

Team Development:

• Develop and implement succession plans
• Create task rotation schedules to broaden GRC staff knowledge across all GRC domains

Qualifications :

Education:

• Bachelors degree is preferred preferably in a technology discipline
• Relevant certification such as CISSP CISA CISM or CRISC is a plus

Required skills/experience:

• Minimum 5 years of proven experience in information security governance risk management and compliance roles
• Minimum 2 years of proven experience acting in a supervisor or manager capacity
• Demonstrates a risk-oriented mindset and the ability to articulate the relationship between technology risk control and policy
• Experience in managing regulatory compliance audits and working with external and internal auditors
• Excellent communication and interpersonal abilities with the ability to influence and collaborate across different teams and levels of the organization
• Effectively manages stress in a constantly changing environment
• Demonstrates excellent judgment and the ability to make quick decisions and think outside the box when working with complex situations
• Is forward-thinking and possesses business acumen
• Possesses a high level of integrity trustworthiness and confidence and represents the company and its management team at the highest level of professionalism

Additional Information :

Boyd Gaming is proud to be an Equal Opportunity Employer and does not discriminate against any employee or applicant for employment because of race color sex age national origin religion sexual orientation gender identity status as a veteran and basis of disability or any other federal state or local protected class.

Boyd Gaming is proud to be an Equal Opportunity Employer and does not discriminate against any employee or applicant for employment because of race color sex age national origin religion sexual orientation gender identity status as a veteran and basis of disability or any other federal state or local protected class.

Remote Work :

No

Employment Type :

Full-time