Alerted.org


  • Global Risk & Compliance (GRC) Manager - Virtual…

    Kelly Services (MI)




    Together we change lives.

     

    Kelly is a team of experts driven by our belief that the impact of the right person in the right job is limitless.

     

    No matter where you are in your career journey you can apply your knowledge and passion to move people, organizations, and communities forward. You’ll have opportunities to grow your expertise and capabilities, both professionally and personally. As a team we celebrate inclusion, caring and collaboration. As a company we value your contribution, we work with integrity, and we always put people first – so your impact really will change lives.

     

    As a Kelly Services **Global Risk & Compliance Manager (GRC)**, you will build the foundation, lead a small team, and embed governance, risk, and compliance into day‑to‑day operations. Anchored on NIST CSF and mapped to key obligations (including SOX, HIPAA, CMMC, and privacy/security standards), you’ll centralize IT risk management, streamline audits, and provide executive‑ready insights that inform decisions across a global enterprise.

    Responsibilities:

    Program Build & Governance

    + Establish the GRC operating model, charter, and governance forums; define roles, responsibilities, and decision rights.

    + Stand up a unified, scalable control framework anchored in NIST CSF, harmonized to SOX, HIPAA, CMMC, and aligned with GDPR/CCPA where applicable.

    + Create and maintain the enterprise risk register and RCSA processes with a consistent taxonomy, scoring, and treatment approach—aligned to Enterprise Risk Management (ERM).

    Risk & Compliance Operations

    + Lead the policy lifecycle (authoring, approvals, exceptions/waivers, attestations, and communications).

    + Drive audit and compliance readiness across SOX ITGC, HIPAA, CMMC, and privacy/security commitments; coordinate internal/external audits and client security assessments.

    + Own issue/observation tracking and remediation governance; mature KRI/KPI metrics and reporting.

    Vendor/Third‑Party Risk (in partnership with ERM)

    + Partner with ERM and Procurement to coordinate third‑party risk; own specific components such as security due diligence, control requirements in contracts, tiering methodology, and continuous monitoring.

    Incident Governance & Resilience (with SecOps)

    + Partner with Security Operations on incident governance: playbooks, table‑tops, post‑incident reviews, and control improvements.

    + Ensure findings feed back into risk registers, policies, and control tests; align with business continuity/DR stakeholders on governance touchpoints.

    Tooling, Automation & Data

    + Start pragmatically (policy management, risk register, evidence repository, issue management, vendor due diligence) while running a structured GRC platform evaluation/selection (e.g., ServiceNow IRM, Archer, Drata, OneTrust, etc.).

    + Integrate GRC workflows with IAM, CMDB/asset inventory, and ticketing to automate evidence, control testing, and dashboards.

    Leadership & Communication

    + Lead and develop a small GRC team; set goals, coach, and scale capabilities.

    + Translate complex risk and compliance topics into clear, business‑centric narratives; brief senior leadership and support board/audit committee materials as needed.

    + Champion a culture of accountability and continuous improvement across technology and business functions.

    Essential Skills, Knowledge & Experiences:

    + 5+ years in GRC/risk/compliance (7–10+ preferred for a senior manager) with proven program build and people leadership.

    + Demonstrated experience operationalizing NIST CSF and mapping to SOX, HIPAA, CMMC; strong familiarity with GDPR/CCPA, and leading frameworks (e.g., NIST 800‑171, ISO/IEC 27001).

    + Hands‑on experience standing up or maturing GRC workflows and driving cross‑functional change with IT, Security, Legal/Privacy, ERM, and Procurement.

    + Strong executive communication: concise, data‑driven storytelling for SVP/C‑suite and audit/board audiences.

    + Proficiency integrating processes and data across IAM, CMDB/asset inventory, ITSM/ticketing, and BI/reporting.

    + Certifications such as CISA, CISM, CISSP, CRISC, ISO/IEC 27001 Lead Implementer/Lead Auditor, or CIPP/US (valued but not required).

    + Experience evaluating/implementing a GRC platform and automating evidence collection, testing, and reporting preferred.

     

    Total compensation package and benefits applicable to the position – understanding that each person has unique professional and personal needs focused on your total well-being.  Explore our range of benefits for full-time employees at: https://rs.benefitsatkelly.com/

     

    _Kelly is an equal opportunity employer committed to employing a diverse, equitable and inclusive workforce, including, but not limited to, race, gender, individuals with disabilities, protected veterans, sexual orientation, and gender identity. Equal Employment Opportunity is The Law._

     


© 2025 Alerted.org