Governance, Risk, and Compliance Manager

About the role

The Governance, Risk, and Compliance (GRC) Specialist supports the organization's information security and enterprise risk management programs by facilitating risk identification, control assessment, policy governance, and compliance activities across regulatory and internal frameworks. This role partners with business and technology stakeholders to ensure risks are documented, evaluated, and treated in alignment with organizational risk tolerance, while enabling consistent, auditable processes for compliance, third-party risk, and control monitoring. The GRC Specialist plays a critical role in translating regulatory and security requirements into actionable controls, maintaining accurate risk and compliance artifacts, and supporting leadership with timely, data-driven reporting to inform risk-based decision-making. Essential Duties and Responsibilities: Governance Support the development, maintenance, and lifecycle management of information security and IT governance policies, standards, and procedures. Coordinate periodic policy reviews and facilitate stakeholder input, approvals, and attestations. Maintain policy exceptions and waivers, ensuring appropriate risk evaluation, documentation, and executive approval. Partner with legal, compliance, IT, and security teams to ensure governance alignment across enterprise initiatives. Lead and coordinate the Business Impact Analysis (BIA) process by partnering with business and technology stakeholders to identify critical processes, assess operational, financial, and regulatory impacts, and document recovery objectives to support enterprise resilience and continuity planning. Risk Management Identify, assess, and document information technology risks across infrastructure, applications, cloud services, and third-party environments using standardized risk assessment methodologies. Facilitate periodic and ad-hoc IT risk assessments, including inherent risk evaluation, control effectiveness testing, and residual risk determination. Maintain the enterprise IT risk register by ensuring risks are accurately described, consistently scored, and aligned to business impact and risk tolerance. Track risk remediation activities to completion and validate that corrective actions effectively reduce risk exposure. Support third-party and vendor risk assessments by evaluating IT-related risks associated with external service providers. Support continuous improvement of the IT risk management program through process optimization, tooling enhancements, and stakeholder feedback. Monitor emerging threats, vulnerabilities, and technology changes to identify new or evolving risk scenarios. Compliance Lead internal control testing, evidence collection, and audit readiness across cloud and on-prem system. Collaborate with architects and development teams to identify potential attack paths early in the design phase. Collaborate with cross-functional teams and external auditors to ensure regulatory compliance Leverage intelligence from vulnerability, threat, and incident data to continuously refine security controls. Evaluate and improve security controls, processes, and documentation. Program Governance & Reporting Develop and maintain risk metrics, dashboards, and reporting artifacts for management and executive-level audiences. Present risk posture and program effectiveness metrics to senior leadership and governance committees. Align program outcomes with frameworks such as NIST CSF & CIS Controls. Competencies Elevated professionalism which demonstrates tempered emotions, empathy, positive intent, and integrity in all interactions. Excellent communication and interpersonal skills with the ability to build strong relationships across all levels of the organization. Strong verbal and written communication skills Ability to effectively communicate and present information one-on-one and in group situations, and outside of the company. Strong attention to detail Ability to work in a fast-paced environment Must be a self-starter, independent, and strong organization skills, with the ability to manage multiple priorities and deadlines at any given time Strategic & Analytical Thinking Risk‑Based Decision‑Making and the ability to solve practical problems and manage a variety of variables in situations and with problems where only

Additional Information

Meriton is a national team of experts driving HVAC innovation through a network of high-performing companies. From strategy and support to systems and solutions, we work behind the scenes to strengthen operations and build value-for our partners and our people. If you're looking to make an impact, we're glad you're here. At Meriton, you'll join a team that believes in big ideas, doing great work, and building careers that matter-every step of the way. Job Title: Governance, Risk, and Compliance Manager Reports To: Director of Cybersecurity & Compliance FLSA Status: Exempt Location: Shared Services Office, Irving, TX

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at meriton? Share your experience