$129K - 157K a year
Lead and oversee the organization's technology governance, risk, and compliance programs including ITGC and SOC 2 readiness, manage audits, collaborate cross-functionally, and provide executive reporting.
Bachelor’s degree with 6+ years in GRC including 2+ years leadership, hands-on ITGC and SOC 2 experience, strong knowledge of compliance frameworks, and preferred certifications like CISA or CRISC.
Take your career to the next level! In the last few years our goal has been expansion, creating growth opportunities for many of our team members. Not only are we serious about growth, but we are also serious about helping our customers during hard financial times. We take pride in providing solutions and offering a helping hand, not only to our customers but also to the communities we serve. As we continue to expand and grow into a national leader in consumer financing, we invite you to consider joining our team. If you're passionate about making a meaningful impact in people's lives and bringing a personal touch to finance, we'd love to have you on board!

Job Purpose

The GRC Program Manager is responsible for leading the organization’s technology governance, risk, and compliance initiatives, with a particular focus on IT General Controls (ITGCs) and SOC 2 readiness and reporting. This role provides strategic oversight of risk management processes, ensures the effectiveness of IT controls, and manages compliance activities across the enterprise. The GRC Program Manager will collaborate with IT, Security, Finance, Legal, and internal/external auditors to safeguard the organization’s technology environment and ensure adherence to regulatory, contractual, and industry standards. This role directly supports strategic banking and business partnerships by ensuring SOC 2 compliance, influences cyber insurance underwriting outcomes, and provides board-level visibility into enterprise risk posture. The position is a critical enabler of revenue growth, regulatory resilience, and corporate reputation.

Duties and Responsibilities

Governance & Oversight
• Develop, maintain, and enforce IT governance frameworks, policies, and standards.
• Provide oversight and direction for the design, implementation, and maintenance of ITGCs.
• Ensure governance processes align with business objectives and best practices (e.g., NIST CSF, COBIT, ITIL).
• Lead cross-functional governance councils and serve as a strategic advisor to executive leadership and the board on technology risk posture.

Risk Management
• Lead technology risk assessments and maintain the enterprise IT risk register.
• Provide oversight into third-party/vendor risk management processes.
• Partner with business and IT leaders to monitor, assess, and mitigate technology-related risks.
• Integrate risk insights into enterprise decision-making, including M&A due diligence, strategic partnerships, and vendor negotiations.

Compliance & SOC 2 Oversight
• Manage the organization’s SOC 2 readiness, assessment, and reporting processes.
• Collaborate with auditors and internal teams to coordinate SOC 2 evidence collection, remediation, and ongoing control effectiveness.
• Oversee ITGC testing activities to ensure compliance with SOX and SOC 2 requirements.
• Support other regulatory and certification efforts (e.g., SOX, HIPAA, GLBA, GDPR, CCPA).
• Anticipate and prepare for emerging regulations such as SEC Cybersecurity rules and AI governance frameworks.

Audit & Assurance
• Serve as the primary liaison with internal and external auditors on ITGCs and SOC 2 audits.
• Oversee the execution of control testing, documentation, and remediation plans.
• Track audit findings, manage remediation plans, and report progress to senior leadership.
• Deliver consolidated enterprise compliance dashboards and board-ready reports that influence executive decision-making.

Metrics & Reporting
• Develop and present regular reporting on GRC program performance, audit outcomes, and risk posture.
• Define and monitor key risk indicators (KRIs) and key performance indicators (KPIs) to measure effectiveness of governance and compliance activities.
• Present risk and compliance insights to enterprise leadership.

Leadership & Collaboration
• As company growth demands, lead and mentor a team of GRC analysts and specialists.
• Foster cross-functional collaboration between IT, InfoSec, Finance, Legal, and Operations.
• Promote a culture of accountability, transparency, and risk awareness across the organization.
• Responsible for building and scaling the enterprise GRC function, including direct reports and dotted-line GRC responsibilities across departments.

Technology
• Own enterprise GRC platforms and implement automation and AI-enabled monitoring to enhance efficiency and assurance.

Minimum Qualifications

Education & Experience
• Bachelor’s degree in Risk Management, Information Security, Information Technology, or related field.
• 6+ years of experience in governance, risk, and compliance with at least 2+ years in a leadership role.
• Hands-on experience managing ITGC programs and SOC 2 assessments.
• Strong background in IT risk management and regulatory compliance frameworks.

Preferred Qualifications

Education & Experience
• Master’s degree in Risk Management, Information Security, Information Technology, or related field.

Preferred Certifications
• Certified Information Systems Auditor (CISA)
• Certified in Risk and Information Systems Control (CRISC)
• Certified in Governance, Risk and Compliance (CGRC)
• Certified Information Security Manager (CISM)
• Certified Information Systems Security Professional (CISSP)
• Advanced business or executive credentials such as MBA, LLM, or ISO 31000/ERM certifications.

Critical Competencies

Skills & Competencies
• Deep knowledge of ITGCs, SOC 2 Trust Services Criteria, and control frameworks (NIST CSF, COBIT, ITIL).
• Familiarity with regulations such as SOX, HIPAA, GLBA, CCPA.
• Strong ability to design, test, and improve IT controls.
• Excellent project management, organizational, and leadership skills; extremely organized and detail oriented
• Strong communication and presentation skills, with ability to interface with executive leadership and auditors.
• Demonstrated written and oral communication skills and the ability to present to various levels of audiences
• Ability to manage multiple engagements and competing priorities in a rapidly growing, fast-paced, collaborative environment
• Ability to work well under pressure and manage tight deadlines
• Ability to work both collaboratively and independently
• Ability to influence without direct authority.

Working Conditions

Remote work is permitted for Manager positions and below. Additionally, Regional has offices in Greenville, SC and Plano, TX available for in person work if desired. Some travel will be required (less than 10%).
• This position is a salaried position and ranges between $129,000 and $157,000 based on experience.

If you are a job applicant who resides in the state of California, please review our California Employee Privacy Policy at the following link: https://regionalfinance.com/wp-content/uploads/2022/11/UPDATED-Employee-Privacy-Policy-11.2022.pdf

Regional is an equal opportunity employer and does not discriminate on the basis of race, color, religion, creed, national origin, sex (including pregnancy, childbirth, and related medical conditions), sexual orientation, gender identity, transgender status, age, disability, genetic information, veteran status, uniform service, or any other characteristic protected by applicable law (“Protected Characteristics”). Regional’s policy of non-discrimination applies to all phases of the employment process and relationship, including, but not limited to, recruitment and selection; compensation and benefits; professional development and training; promotions and opportunities; transfers; social and recreational programs; layoff; and terminations.

Founded in 1987, Regional Finance provides services to 450,000 customers annually and provides employment for over 1750 team members and growing.
We place an emphasis on making a meaningful difference in people’s lives by bringing a personal touch to finances and a commitment to diversity, equity, and inclusion that creates a work environment where all employees have a sense of belonging. Team members will have the opportunity to give back to their communities through our outreach program, Regional Reach, that services many organizations throughout the year such as the American Heart Association. Regional Finance is continuously expanding with future plans to become a national brand. Whether you are looking for a job in finance, customer service or even a management role, there are many opportunities for advancement within our company. Team members have an incredible benefits package, including but not limited to a comprehensive medical, dental, and vision plan, 401k plans with a company match, and PTO and paid holidays.

At Regional Finance, we care about each other, our customers, and our communities and look for each Team Member’s strengths to meet our shared goals. We offer a variety of incredible benefits, including but not limited to a comprehensive medical, dental, and vision plan, 401(k) plans with matching company contributions, PTO and paid holidays, paid parental leave and an employee assistance program for mental health and counseling.

Notice to California Applicants

Regional Management Corp. (“Regional Management,” “we,” “our,” or “us”) respects the privacy of our employees’ personal information. Pursuant to the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act of 2020 (“CPRA”), we are required to provide California employees and job applicants with a privacy policy that contains a comprehensive description of our online and offline practices regarding our collection, use, sale, sharing, and retention of their personal information as well as a description of the rights they have regarding their personal information.
This Privacy Policy provides the information the CCPA requires as well as other useful information regarding our collection and use of employees’ and job applicants’ personal information. If you are a job applicant who resides in the state of California, please review our California Employee Privacy Policy by clicking on the following link: California Employee Privacy Policy
This job posting was last updated on 9/25/2025