GRC Manager

Atlanta, GA

ABOUT US

Holder Construction is a nationally recognized leader in the construction industry, consistently ranked among the top firms on ENR’s Top 400 Contractors list. We are a performance-driven company that believes in rewarding excellence and investing in our people. Our structured career development program empowers associates to grow quickly into expanded roles and responsibilities based on merit. With operations throughout the United States, we offer a highly competitive compensation and benefits package, including:

  • Annual bonus program
  • Paid time off
  • Health, dental, vision, and life insurance
  • 401(k) retirement plan
  • Night and swing shift differential pay for select roles

About the Role

We are seeking a GRC Manager to establish, lead, and sustain our cybersecurity compliance program. This role is responsible for evaluating and selecting the appropriate security and compliance frameworks, leading implementation efforts, and building a scalable audit program to ensure continuous compliance as the organization grows. This role will be onsite at our Atlanta office.

The GRC Manager will partner closely with technical, business, and leadership teams to translate regulatory and security requirements into actionable controls while serving as the primary liaison with external auditors and certification bodies.

Key Responsibilities

  • Research, evaluate, and recommend the most appropriate cybersecurity compliance framework(s) (e.g., SOC 2, ISO 27001, NIST CSF) based on business needs, customer requirements, and industry standards.
  • Lead end-to-end compliance initiatives, including framework selection, gap assessments, remediation planning, policy and procedure development, and cross-functional coordination.
  • Design, implement, and manage an ongoing internal audit and control monitoring program to assess compliance effectiveness.
  • Serve as the primary point of contact for external auditors, assessors, and certification bodies throughout the audit lifecycle.
  • Maintain compliance documentation, audit evidence repositories, and traceable audit trails.
  • Track regulatory changes, evolving standards, and emerging risks to ensure the compliance program remains current and effective.
  • Develop and deliver compliance status updates, risk assessments, and key metrics to leadership and stakeholders.
  • Drive continuous improvement of governance, risk, and compliance processes.

Qualifications

Required:

  • 5+ years of experience in Governance, Risk, and Compliance (GRC), information security, or compliance-focused roles.
  • Deep knowledge of major cybersecurity and risk frameworks, including SOC 2, ISO 27001, and NIST CSF.
  • Proven experience leading compliance certifications from framework selection through successful external audit.
  • Strong project management skills with the ability to influence and coordinate cross-functional technical and non-technical teams.
  • Excellent communication skills, with the ability to translate complex technical requirements into clear business guidance.

Preferred:

  • Relevant industry certifications such as CISSP, CISA, CISM, or similar.

Holder is committed to Equal Opportunity Employment (EOE).

Substance abuse testing and a background screening are conditions of employment. Holder Construction does not sponsor applicants for immigration status or benefits.
