
Manager, GRC Programs

Applications Accepted through Aug 28, 2026
Providence, RI
US PA Pittsburgh Gamma
Chelmsford, MA
Broomfield, CO
US PA Pittsburgh Anchor
Corporate

At ZOLL, we're passionate about improving patient outcomes and helping save lives. We provide innovative technologies that make a meaningful difference in people's lives. Our medical devices, software and related services are used worldwide to diagnose and treat patients suffering from serious cardiopulmonary and respiratory conditions.

Job Summary

The Manager of GRC Programs is responsible for leading the operational execution of the organization's Governance, Risk, and Compliance (GRC) programs. This role drives and leads the coordination and maturity of governance processes, security policy lifecycle management, and overall risk program operations (TPRM, ITRM).

This position serves as the operational leader of GRC programs, ensuring consistent execution of security governance initiatives and alignment with regulatory frameworks, business objectives, and enterprise risk management practices. The Manager partners closely with security engineering, IT, legal, product security, and business leaders to maintain scalable governance processes that support global operations.

The role manages GRC and Risk analysts, manages program tooling and governance repositories, and leads cross-functional initiatives to strengthen the organization's security posture.

Essential Functions

Governance & Policy Management

  • Oversee the lifecycle management of enterprise security policies, standards, and procedures, ensuring alignment with regulatory requirements and security frameworks.
  • Coordinate cross-functional policy development and review processes with stakeholders including IT, legal, compliance, and product security.
  • Maintain governance documentation repositories, including policy libraries, control frameworks, and governance artifacts within the GRC libraries and platform.
  • Support the Director of GRC in implementing governance frameworks aligned to industry standards such as ISO 27001, NIST, CIS, HIPAA, and GDPR.
  • Manage policy exception workflows, ensuring risk acceptance and remediation activities are properly documented and tracked.

GRC Programs & Operations

  • Lead operational execution of the organization’s GRC programs, libraries, and intranet content, ensuring consistent implementation of governance initiatives across security and IT teams.
  • Administer and optimize GRC platforms (e.g., AuditBoard, ServiceNow) used for risk tracking, audit coordination, and control management.
  • Establish scalable workflows for governance processes including risk intake, exception management, and issue tracking.
  • Drive continuous improvement initiatives across GRC operations to increase automation, reporting capabilities, and operational efficiency.
  • Provide operational leadership and mentorship to GRC analysts responsible for governance administration and program support.

Risk Management Support (ITRM)

  • Lead enterprise technology risk management processes by coordinating risk intake, documentation, and tracking activities within the risk register and GRC platform.
  • Oversee and manage Risk and GRC Analysts and the related risk governance processes, including risk assessment coordination, risk registers, remediation tracking, and risk reporting.
  • Ensure consistent risk management workflows across IT and security teams, enabling visibility into technology and operational risk exposure.
  • Facilitate risk review discussions and support the preparation of risk reporting for leadership, risk, and governance committees.

Third-Party Risk Management (TPRM)

  • Lead operational coordination of the organization’s third-party risk management program and manage the GRC TPRM platform and processes.
  • Establish and maintain vendor risk intake, assessment workflows, and vendor inventory tracking processes.
  • Partner with procurement, legal, and business stakeholders to ensure vendor risk assessments are completed and documented appropriately.
  • Track remediation efforts and risk treatment plans for vendors identified as high-risk.
  • Support the development and maturity of scalable vendor risk management processes aligned with enterprise risk governance.

Assurance & Trust (Audit Coordination & Trust Center)

  • Support internal and external audit activities in partnership with the Internal Audit Manager, ensuring governance artifacts and evidence are readily available and managed in the GRC/Audit platform.
  • Support contract review processes and ensure tracking via ticketing and/or GRC platform.
  • Support trust center initiatives and maintain related libraries used to support security due diligence requests from customers and partners.
  • Support cross-functional responses to complex customer security inquiries requiring input from multiple technical teams.

Cross-Functional Governance Collaboration

  • Lead collaboration and serve as liaison between security, IT, product security, legal, compliance, and business teams for GRC initiatives.
  • Ensure governance and risk programs remain aligned with evolving regulatory requirements and organizational priorities.
  • Lead and support global governance initiatives by coordinating governance processes with regional stakeholders, including EMEA teams.
  • Lead and facilitate communication and collaboration between operational security teams and GRC leadership.

Reporting & Program Metrics

  • Develop and maintain GRC program metrics and dashboards to track program performance and maturity.
  • Monitor key governance indicators including policy lifecycle completion, risk remediation progress, vendor assessment status, and trust center response metrics.
  • Provide regular updates to the Director of GRC and Director of Security & Technology Risk Management on program status, risks, and operational improvements.

Security Awareness Support

  • Support enterprise security awareness and compliance-related training activities.
  • Partner with the GRC Analyst(s) responsible for awareness programs to ensure GRC and Security topics are incorporated into employee training and communications.
  • Promote a culture of security and compliance through consistent security messaging and collaboration with HR and corporate communications teams.

Leadership & Team Development

  • Manage and mentor a global group of GRC and Risk analysts responsible for governance operations and program support.
  • Foster a collaborative environment focused on operational excellence, accountability, and continuous improvement.
  • Identify opportunities to improve team processes, capabilities, and governance maturity.


Required/Preferred Education and Experience

  • Bachelor's Degree in cybersecurity, information technology, or a related field (required)
  • Master's Degree in a related field (preferred)
  • 7-9 years in a GRC or Cybersecurity role (required)
  • 1-3 years of leadership/people management (required)


Knowledge, Skills and Abilities

  • Expertise in GRC platforms (e.g., Microsoft Purview, Varonis, AuditBoard).
  • Expertise in developing and managing ITRM and TPRM programs.
  • Expertise in developing and managing GRC libraries.
  • Deep understanding of regulatory and security frameworks (e.g., PCI, GDPR, HITRUST, ISO 27001, NIST 800-53, NIST 800-161).
  • Proven leadership in cross-functional environments and ability to influence at all organizational levels.
  • Strong strategic thinking, analytical, reporting, and problem-solving skills.
  • Excellent communication skills, both written and verbal.
  • Ability to manage multiple priorities and drive results in a dynamic environment.


ZOLL is a fast-growing company that operates in more than 140 countries around the world. Our employees are inspired by a commitment to make a difference in patients' lives, and our culture values innovation, self-motivation and an entrepreneurial spirit. Join us in our efforts to improve outcomes for underserved patients suffering from critical cardiopulmonary conditions and help save more lives.

The annual salary for this position is:

$149,500.00 to $160,000.00

Factors which may affect starting salary include geography, skills, education, experience, and other qualifications of the successful candidate. Details of ZOLL's comprehensive benefits plans can be found at www.zollbenefits.com.

Applications will be accepted on an ongoing basis until this position is filled. For fully remote positions, compensation will comply with all applicable federal, state, and local wage laws, including minimum wage requirements, based on the employee’s primary work location.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, disability, or status as a protected veteran.

ADA: The employer will make reasonable accommodations in compliance with the Americans with Disabilities Act of 1990.
