PSRS logo

Governance, Risk and Compliance Manager

PSRS
1 day ago
Full-time
Remote friendly (Jefferson City, Missouri, United States)
United States

PSRS/PEERS is seeking an experienced, strategic, and forward-thinking Governance, Risk, and Compliance Manager to join our Information Security Team. In this vital leadership role, you will oversee and advance the organization’s governance, risk, and compliance program, ensuring that cybersecurity policies, control frameworks, vendor diligence processes, audit activities, and documentation standards consistently support secure and risk-informed operations. Working under the general direction of the Chief Information Security Officer (CISO), you will contribute directly to PSRS/PEERS’ ability to deliver secure, reliable, and compliant services to Missouri’s public educators.

As the GRC Manager, you will build and lead the GRC function, with the opportunity to grow and supervise a team of analysts as the program matures.  You will guide policy development and maintenance, oversee the risk evaluation framework that shapes enterprise decision-making, ensure comprehensive audit readiness, coordinate vendor due diligence processes, and maintain mappings to cybersecurity frameworks selected by the CISO, such as NIST CSF or CIS Controls. Your work will support predictable audit outcomes, enforce disciplined documentation practices, and strengthen PSRS/PEERS’ overall security posture through thoughtful governance and consistent standards.

 

Salary:  $126,286 - $157,858 annually.

Pay within advertised range is commensurate with education and experience.

 

Job Type: Full-time with benefits.

 

Location: Jefferson City, Missouri.

 

 

About PSRS/PEERS:

PSRS/PEERS is the largest defined benefit pension plan in the state of Missouri, proudly serving over 320,000 members. In partnership with Missouri’s public-school districts, we are committed to providing secure and reliable retirement benefits to the state’s dedicated educators and education employees.

 

Our Information Security Team operates from our newly remodeled and expanded headquarters at 3210 West Truman Boulevard in Jefferson City, Missouri. Designed with both innovation and comfort in mind, our facility features state-of-the-art technology, advanced security, ergonomic workspaces, and collaborative areas that foster teamwork and productivity.

 

We offer a flexible, employee-friendly work environment with ample on-site parking and scheduling flexibility within our standard office hours of 7:30 a.m. to 4:30 p.m., Monday through Friday.

 

 

Your Role at a Glance:

As the GRC Manager, you will provide leadership and structure to PSRS/PEERS’ GRC functions. You will oversee day-to-day GRC operations, ensuring that governance priorities are aligned with organizational objectives and that GRC deliverables consistently meet the program's standards for accuracy and quality. As the program matures, you will have the opportunity to build and supervise a team of analysts to support this work. Your responsibilities will include owning the cybersecurity policy and standards lifecycle by maintaining policies, evaluating exceptions, managing expirations, and ensuring that compensating controls are properly documented. You will also maintain the completeness and accuracy of incident response documentation, update playbooks, and coordinate tabletop exercises while ensuring that action items resulting from those exercises are addressed.

 

You will uphold the strict documentation standards by ensuring that SOPs, runbooks, and other operational materials adhere to required versioning, evidence, and repository guidelines. You will ensure that the enterprise risk evaluation framework is applied consistently across vendor reviews, technology decisions, exception approvals, and go/no-go determinations, resolving escalations that exceed the organization's risk appetite. As the owner of audit readiness, you will establish and enforce documentation standards that allow audits to proceed smoothly, and you will coordinate audits and examinations by organizing evidence packets, reviewing responses, and monitoring findings through completion.

 

In addition, you will oversee third-party and vendor risk processes by coordinating intake and due diligence activities, prioritizing high-risk vendors, evaluating gaps, and ensuring that remediation items are tracked to resolution. You will maintain alignment with CISO-selected cybersecurity frameworks by documenting control mappings, assessing sufficiency, maintaining the control catalog, and managing the compliance calendar. You will monitor organizational adherence to policies, maintain issue and exception registers, develop security reporting for leadership, and support both Legal and IT departments in areas such as data governance, eDiscovery preparation, and preservation coordination. Through your leadership, you will cultivate a strong culture of governance, accountability, and continuous improvement, guiding staff development and contributing to long-term GRC program planning and budgeting.

 

 

Job Requirements:

The ideal candidate for this position will bring a strong blend of technical, procedural, and leadership skills. Candidates should have the ability to design and implement organizational policies and standards, maintain robust exception processes, and manage documentation with exceptional precision and consistency. A thorough understanding of audit and assurance practices, including evidence handling, sampling, workpaper development, and findings management, is essential. Candidates should have proven experience with cybersecurity control frameworks such as NIST CSF, NIST 800-53 or 800-171, ISO 27001, or CIS Controls, along with familiarity with regulatory requirements such as HIPAA. Strong knowledge of third-party risk practices, including inherent risk assessment, evidence review, and remediation tracking, is required.

 

To be successful in this role, candidates will need the ability to translate complex cybersecurity topics such as identity management, logging, vulnerability management, backups, and change control into clear, business-focused guidance that informs decisions across the organization. You should be able to work effectively with stakeholders across functions, build strong and collaborative relationships, and communicate confidently with both technical and non‑technical audiences. Demonstrated skill in supervising and mentoring team members is preferred, as is the ability to manage projects and programs that involve multiple stakeholders and long-term planning.

 

This position requires a bachelor’s degree or equivalent experience, with a degree in business, accounting, audit, information systems, public policy, cybersecurity, or related fields preferred. Candidates must also bring a minimum of 8 years of experience in governance, risk, and compliance, audit or compliance functions, cybersecurity risk, or closely related professional areas. Relevant certifications such as CISA, CRISC, CGRC, ISO 27001 Lead Implementer/Lead Auditor, CISSP, or CISM are not required; however, they are considered highly valuable for this role.

 

 

What You’ll Gain:

Stepping into the role of GRC Manager means playing an essential role in shaping and maintaining the security of PSRS/PEERS. You will have the opportunity to play a key role in shaping how cybersecurity governance and risk management are carried out across the organization, including how policies are developed, how decisions are documented, and how audits are executed. Your work will directly support mission-critical systems and processes, ensuring that risk-informed decisions are consistently applied, and that PSRS/PEERS maintains a strong, well-documented, and defensible security environment.

 

You will collaborate across multiple departments, strengthening the organization’s governance culture while helping ensure that critical business operations operate smoothly and securely. Through your leadership and expertise, you will contribute to safeguarding the retirement security of Missouri’s educators and education employees.

 

 

Why You’ll Love Working at PSRS/PEERS:

At PSRS/PEERS, we believe in supporting our employees as much as they support our mission. We offer a flexible, employee-friendly work environment with opportunities to telecommute and maintain a healthy work-life balance. Our comprehensive benefits backage includes a robust Health Savings Account (HSA), dental and vision coverage, and membership in a defined benefit pension plan that provides lifelong retirement benefits after just five years of vesting.

 

Time off is generous— employees start with three weeks of paid vacation and three weeks of sick leave annually, in addition to 12 paid holidays each year. We also invest in your growth, offering tuition assistance, ongoing training, and professional development opportunities. High-performing team members may be invited to participate in our leadership development program.

 

Beyond professional development, we foster a sense of community and connection through on-site and off-site events, volunteer initiatives, and employee-driven charitable efforts organized by our employee fund— creating countless ways to get involved and stay engaged.