Title: Manager, Governance, Risk, Compliance & Privacy
About Us
Data Analysis Incorporated (DAI) is the controlling entity of the O’Neil family of businesses. DAI and its subsidiaries operate in diverse industries worldwide, including global equity markets, health care, financial services, digital news, and insurance. Our global footprint allows our teams to be responsive to customer needs in a timely and efficient manner. We are dedicated to using technology and innovation to bring change and growth to our businesses. We believe in a dynamic workplace, creating engaging, informative products and services that help our customers succeed. Integrity is an essential characteristic for our firms and our associates.
Summary
The Manager, Governance, Risk, Compliance & Privacy (GRCP) is responsible for leading and managing the organization’s governance, risk, compliance, and privacy initiatives to ensure alignment with applicable laws, regulations, contractual obligations, security standards, and internal policies. This role partners closely with Information Security, IT, Legal, Human Resources, Compliance, business stakeholders, and external partners to strengthen governance practices, mature risk management processes, support audit and regulatory readiness, and promote privacy and security accountability across DAI companies.
Duties and Responsibilities
• Lead the implementation and continuous improvement of governance frameworks, policies, standards, procedures, and controls related to information security, privacy, and technology compliance.
• Manage cybersecurity, operational risk, and third-party risk management activities including risk identification, assessment, remediation tracking, and executive reporting.
• Lead compliance initiatives supporting regulatory, contractual, and industry requirements, including audit coordination, evidence collection, remediation tracking, and certification readiness efforts.
• Direct privacy and data protection activities including privacy impact assessments (PIAs/DPIAs), privacy risk assessments, privacy incident coordination, and data subject request support.
• Facilitate governance reviews, compliance meetings, and cross-functional initiatives to ensure accountability and timely remediation of identified risks and compliance gaps.
• Develop, maintain, and report metrics related to governance, risk, compliance, privacy, audits, control effectiveness, remediation activities, and program maturity.
• Partner with business and technical teams to integrate security, privacy, and compliance requirements into operational and technology processes using privacy-by-design and security-by-design principles.
• Lead enterprise-wide security and privacy awareness initiatives, training programs, communications, and guidance to promote a culture of compliance, accountability, and secure business operations.
• Support governance activities associated with incident response, business continuity, disaster recovery, crisis management, and operational resilience programs.
• Monitor evolving regulatory, privacy, and security requirements and evaluate impacts to organizational policies, controls, and business operations.
Qualifications & Requirements
Required Education, Experience, Certification/Licensure
- Bachelor’s degree in Information Security, Cybersecurity, Information Technology, Business, Risk Management, or related field.
- Minimum 5–7 years of experience in Governance, Risk, Compliance (GRC), Privacy, Information Security, Audit, or related disciplines.
- Experience leading or managing governance, compliance, privacy, audit, or risk management programs within complex organizations.
- Experience supporting internal and external audits, assessments, and compliance initiatives involving security and privacy controls.
- Experience collaborating across technical and business teams to drive governance and compliance initiatives.
Preferred Education, Experience, Certification/Licensure
- Master’s degree in a related field.
- CISM (Certified Information Security Manager)
- CRISC (Certified in Risk and Information Systems Control)
- CISA (Certified Information Systems Auditor)
- CISSP (Certified Information Systems Security Professional)
- ISO 27001 Lead Implementer or Lead Auditor
- CDPSE, CIPM, CIPT, or other privacy-related certifications
- Experience supporting international privacy and regulatory compliance requirements.
KNOWLEDGE, SKILLS AND ABILITIES (KSAs)
- Strong knowledge of governance, risk management, compliance, privacy, and information security principles.
- Working knowledge of ISO 27001/27002, ISO 42001, SOC 2 Type II, NIST Cybersecurity Framework (CSF), NIST 800-53, HITRUST, PCI-DSS, and privacy/data protection frameworks.
- Strong analytical, problem-solving, and risk assessment capabilities.
- Ability to translate complex compliance, security, and privacy requirements into practical business guidance.
- Excellent written, verbal, presentation, and stakeholder management skills.
- Strong organizational skills with the ability to manage multiple priorities and initiatives simultaneously.
- Experience with governance, risk, and compliance platforms and supporting technologies.
- Familiarity with cloud security concepts, vulnerability management tools (e.g., Qualys), CNAPP platforms (e.g., Wiz, Qualys), and Identity & Access Management solutions (e.g., Ping, Auth0, Entra ID).
Working Conditions
Must be able to perform essential job duties. Work is performed primarily in an office environment. Typically requires the ability to sit for extended periods of time (66%+ each workday), hear the telephone, and enter data on a computer, and may also require the ability to lift up to 10 pounds.
Equal Opportunity Employer
Data Analysis Inc is an equal opportunity employer. All aspects of employment, including the decision to hire, promote, discipline, or discharge, will be based on merit, competence, performance, and business needs. We do not discriminate on the basis of race, color, religion, marital status, age, national origin, ancestry, physical or mental disability, medical condition, pregnancy, genetic information, gender, sexual orientation, gender identity or expression, veteran status, or any other status protected under federal, state, or local law.