Senior Manager, GRC

The Senior GRC Manager will lead GameStop programs required to ensure that the organization is secure, private, and compliant. Working with the GameStop CISO, this role will lead the GRC team and provide management over GameStop policies and standards, compliance and privacy requirements, security awareness and training functions, third party risk management, and operational tasks. As part of the wider security program, the Senior GRC Manager will lead the support of efforts such as incident management and oversight over other security functions.

This position sits onsite 5 days a week in Grapevine, TX.

What you'll do

• Provide overall direction and oversight of the GameStop’s global governance, risk, and compliance programs.
• Manage GRC operations and projects to ensure timely and effective completion
• Ensure compliance with regulatory requirements, security frameworks, and GameStop internal policies and standards
• Oversee first- and third-party risk, maintenance of the internal risk register, and risk management activities
• Manage operations required to compliance with mandatory consumer privacy requests
• Maintain and review GameStop’s internal policies and standards
• Develop internal communications and security training programs, including security and privacy awareness, developer training, and general security practices
• Lead and develop members of the GameStop GRC team
• Identify, track, and report meaningful performance/progress metrics on the state of the global GRC program 
• Collaborate with other security leaders to drive cross functional initiatives

What you'll bring

• At least 6 years of experience in IT GRC, information security, or audit roles with a minimum of 1 year in a leadership position or 2 years of experience with an advanced degree in cyber security
• A bachelor’s degree in cyber security, information technology, or other related field or 2 additional years of job-related experience in IT GRC, information security, or audit roles
• An ideal candidate will have experience in at least one of the following disciplines:
  • Global and US privacy regulations (e.g. GDPR, PIPEDA, COPPA, CCPA and other state laws)
  • IT general controls
  • Internal audit processes
  • Incident response
  • Compliance requirements such as Sarbanes-Oxley or PCI-DSS
  • Security and privacy frameworks such as NIST CSF or the Nymity Privacy Framework
• Ability to communicate effectively with both technical and non-technical partners across the business
• Collaborate with other security team members to drive cross functional initiatives
• Model the behaviors expected of all GameStop leaders including, but not limited to, a drive for results, with a demonstrable bias for action; high levels of emotional intelligence, maturity, and professionalism; giving, receiving and responding to